Table Of Contents
Service Inventory > Inventory and Connection Manager
Preparing Inventory with Inventory Manager
Importing Devices from Configuration Files
Importing Devices with Autodiscovery
Collecting Configuration Files
Creating a New Customer with Devices
Creating a New Provider with Devices
Importing Connections with Autodiscovery
Importing Services with Autodiscovery
Marking Interfaces for IPsec, Firewall, NAT, or QoS
Inventory Manager GUI Reference
Spreadsheet and Workbook Features
Load Default Values to Selected Cells
Apply Interface Marking Rules to Selection
Show Color Coded Column Headers
Collect Latest Configuration Files
Editing a Device Configuration
Accessing the Device Groups Window
Accessing the Customers Window
Accessing the Providers Window
Accessing the Resource Pools Window
Creating a Route Distinguisher and Route Target Pool
Creating a Site of Origin Pool
Accessing the CE Routing Communities Window
Creating CE Routing Communities
Deleting CE Routing Communities
Accessing the AAA Servers Window
Accessing the Named Physical Circuits Window
Creating a Named Physical Circuit
Deleting Named Physical Circuits
Service Inventory > Inventory and Connection Manager
From the Home window you receive upon logging in, click the Service Inventory tab and you receive a window, as shown in Figure 4-1, "Service Inventory Selections."
Figure 4-1 Service Inventory Selections
Click on Inventory and Connection Manager and a window as shown in Figure 4-2, "Inventory and Connection Manager Selections," appears.
Figure 4-2 Inventory and Connection Manager Selections
From Inventory and Connection Manager, you can navigate to any of the following functions:
•
Service Requests Create, deploy, and manage Service Requests (SRs).
•
•
•
•
•
•
•
•
•
•
•
Service Requests
Service Requests are explained in each of the User Guides for each of the licensed services.
Table 4-1, "Summary of IP Solution Center Service Request States," describes each ISC service request state. The states are listed in alphabetical order.
Figure 4-3, "Service Request States Transition Diagram," shows the transitions of states.
Figure 4-3 Service Request States Transition Diagram
Inventory Manager
This section describes how to install, configure, and use Inventory Manager (IM) to prepare for provisioning services with ISC. It contains the following subsections:
•
•
•
Overview of Inventory Manager
Service providers and enterprise customers need a way to efficiently manage a large number of physical and logical devices. The IM application within ISC enables an operator to import network specific data into the ISC database in bulk mode. IM performs three primary functions:
•
•
•
There are three different ways to get started with deploying services in ISC.
The quickest method is to import the configuration files of all of the target devices (for example, routers, firewalls, and switches) from a known location. These configuration files do not need to be the most current version of the device configuration but, to ease the set up process, the files should be from the current hardware configuration.
The second most common method is creation of devices without configuration files with subsequent collection from live routers to determine the current setup. In order to use this method you must know the host name, management address, and password for each device. Once collection is completed you can move the devices to a new or existing customer or provider, which is also known as the provider administrative domain (PAD).
The primary method for initializing target devices is autodiscovery. From an address and some parameters, the autodiscovery process uses Cisco Discovery Protocol (CDP) to discover devices within a specified number of hops from the starting point.
Prerequisites and Limitations
This document is intended for network engineers who have sufficient experience with MPLS VPN, L2VPN, and IPsec to provision these technologies using ISC.
All of the network elements that you plan to provision should support the required hardware features and Cisco IOS versions.
Client Requirements
To launch IM, the client device needs to run Java VM 1.4.0 and Java WebStart 1.0.1.
Name Resolution
IM requires name resolution. The ISC HTTP server host must be in the Domain Name System (DNS) that the web client is using or the name and address of the ISC server must be in the client host file.
SNMP
Prior to device discovery, SNMP must be enabled. All devices in the ISC provisioning environment must support SNMP. ISC supports SNMP versions 1, 2c, and 3.
CDP
Prior to device discovery, CDP must be enabled. IM uses CDP to perform the service discovery task. CDP should be enabled globally and at the interface level for each device in the ISC provisioning environment.
NAT
Prior to device discovery, no Network Address Translation (NAT) mapping for router IP addresses is allowed.
Group Membership Requirements
To run the Inventory Manager you need both the Collection_Task and the Device_Import_Task group memberships. This is the minimum requirement to successfully create physical or logical devices and to upload configuration files from the client to the ISC server.
Launching Inventory Manager
The first time you launch IM, perform these required tasks:
IM runs as a stand-alone Java application on a client machine. It also runs outside of the Java Virtual Machine (VM) on the main ISC master server. The current release of the IM application requires the client device to run Java VM 1.4.0 and Java WebStart 1.0.
If you do not have Java Runtime Environment (JRE) version 1.4.0, run the j2sdk-1_4_0_03-windows-i586.exe program to install it onto your client device. You can download this program for Solaris, Linux, and Windows workstations from the following Sun archive URL:
http://java.sun.com/products/archive/j2se/1.4.0_03/
You can download the Java Web Start update package for Solaris, Linux, and Microsoft Windows from these URLs:
http://java.sun.com/products/javawebstart/download-windows.html
http://java.sun.com/products/javawebstart/download-solaris.html
http://java.sun.com/products/javawebstart/download-linux.html
The following description assumes you are using a PC based system running Microsoft Windows 2000 Professional Build 5.00.2195 with Service Pack 2 applied.
Install Java SDK 1.4.0
To install Java Software Development Kit (SDK) 1.4.0 on the client device, follow these steps:
Step 1
Figure 4-4 Run j2sdk-1_4_0_03-windows-i586.exe
Follow the prompts and respond accordingly.
Step 2
Figure 4-5 Install the Java SDK on the Client Device
The License Agreement window appears.
Step 3
The Choose Folder dialog box appears.
Step 4
Figure 4-6 Choose the Installation Folder
The Choose Destination Location window appears.
Step 5
Figure 4-7 Choose Destination Location
The Select Components dialog box appears.
Step 6
Figure 4-8 Accept the Default Components
The Select Browsers dialog box appears.
Step 7
Figure 4-9 Select Browser
Step 8
Figure 4-10 Complete Setup
The Client Java 2 SDK installation is complete.
Step 9
Install Java WebStart 1.0.1
To install Java WebStart 1.0.1, follow these steps:
Step 1
Figure 4-11 Run javaws-1_0_1-rt.exe
Step 2
The Installation Directory dialog box appears.
Step 3
Figure 4-12 Set the Correct Path
The Java WebStart installation begins.
Step 4
Figure 4-13 Finish Install
The Java WebStart installation is complete.
Step 5
Launch Inventory Manager
To launch IM, follow these steps:
Step 1
Step 2
Step 3
Step 4
Figure 4-14 Start Java WebStart
You receive the Java Web Start ISC - Inventory Manager window, as shown in Figure 4-15.
Figure 4-15 Java Web Start ISC - Inventory Manager
You should receive a splash image of Cisco Systems, if the installation is successful, as shown in Figure 4-16.
Figure 4-16 Java WebStart Splash Image
The Inventory Manager launches automatically and is connected to the Master ISC server.
Preparing Inventory with Inventory Manager
This section contains the following subsections:
•
•
•
•
•
•
•
•
Importing Devices from Configuration Files
If the configuration files are for a particular customer or provider, you can create a new customer or provider and associate the configuration files with CPEs or PEs. If the customer or provider currently exists in the repository, you can open them and insert more CPEs or PEs to be associated with new or existing sites or regions.
To import devices with configuration files, follow these steps:
Step 1
This step creates a container for target devices that can be moved to a provider or customer during the initialization process.
Step 2
You receive a prompt to import configuration files. You probably have a repository of configuration files on an existing network management device or TFTP server. Copy these files to the web client machine for import or make them available with a shared directory.
Step 3
The configuration files on the web client can be located by normal file browsing with both Shift and Control+Click select for multiple selections. When creating a new device group, only one filtering option is available: All Files.
Note
Step 4
The IM now imports a row in a spreadsheet workbook for each selected configuration file. By default, the IM inspects the configuration files and determines the device type, which includes Cisco IOS, CatOS, PIX, and VPN 3000. It also parses passwords, SNMP information, interfaces, and virtual circuits.
If cells in the resulting spreadsheet are empty, IM was not able to determine the value and, if it is required, the operator must provide the data or choose the information from a defined set of choices before saving.
These operations are described in more detail in the following sections as they are common to all methods of importing device information and administration.
Step 5
Importing Devices with Autodiscovery
Note
To import devices with Autodiscovery, follow these steps:
Step 1
This creates a spreadsheet where each row represents a potential seed device for discovery. For each seed device, the management interface must be provided. The management interface is the address on the device that the ISC host uses to reach the device.
After creating a new device list, a discovery starting point needs to be configured. This starting point is a device that can be reached from the ISC host. For each seed device, an accessible interface on the starting point is configured, because the management interface must be provided. The management interface is the address on the device that the ISC host uses to reach the device.
New dynamic device discovery requires the following manual tasks:
•
•
A policy.xml file is created and a hop count is set automatically.
To choose the seed devices and hub, pick a seed device that can reach a large section of the network. Pick one or more of them until you think these devices will enable you to reach your entire managed network.
Point-of-presence (POP) routers are usually good choices. If you choose all the POPs in your network as the collection of seed devices and put in the appropriate number of hubs, you discover the entire managed network.
To pick the hub number, go to the CE that is the furthest from its associated POP, and count the number of devices between them. If this number is N, the hub number is N+1, assuming you are picking the POP as the seed.
Step 2
Step 3
A maximum hop count is specified for the autodiscovery process. The autodiscovery process queries the starting point device for its CDP table. From this table, all of those devices are queried for their CDP information. This CDP query process continues until the maximum hop count from the starting point is reached. Please note that only devices running the CDP process are discovered.
The autodiscovery process queries the starting point device for its CDP table. From this table, all of those devices are queried for their CDP information. This CDP query process continues until the maximum hop count from the starting point is reached.
Step 4
Note
You are prompted to save two files. One file contains the list of the discovered devices and the other contains information related to connectivity between the devices. The discovered device information can be saved in XML to use as a starting point for future discovery efforts.
Step 5
Step 6
Configuring the Devices
After the discovered devices are rendered in the spreadsheet, they must have several parameters set before the devices can be saved to the repository and perform a successful live configuration collection. These parameters include:
•
•
•
Note
First remove any devices that are not required in the provisioning process. These items include core network devices or non-PE, CPE, and CLE devices that are used within the operator's network.
To remove unwanted devices, follow these steps:
Step 1
Shift-select and Control-select are useful for multiple devices.
Step 2
It is common in networks for devices to share many parameters. The Defaults option allows these common parameters to be entered for many devices at the same time; for example, login password, enable password, and SNMP strings.
To edit multiple devices, follow these steps:
Step 1
A row for default values can be edited for each tab of the device list. The next step of the configuration process collects live configurations that require login and enable passwords.
Step 2
After entering the default values, select all of the devices that share those common parameters. For devices that have values other than the default values, you can perform multiple editing techniques.
Step 3
A dialog box, similar to the defaults window appears, allowing you to enter values to be applied to the selection.
Note
Step 4
The management IP address is the address that ISC uses to communicate with the element. This address must be reachable from the ISC host. When the devices were imported or discovered, ISC attempts to select the proper address as a management address starting with a loopback address. Verify the selected address for accessibility from the ISC host. ISC must be able to reach the network element for the configuration process to progress.
Step 5
Collecting Configuration Files
Collecting configuration files serves two purposes. It loads the current configuration information for the device, which populates many of the cells. It also verifies reachability and passwords for the reachable devices.
This task is created in the repository and starts up right away. Logs can be viewed as normal for a collection spawned using only the Web GUI.
The task name is Inventory_Manager_Collection_xxxxxx_username, where xxxxxx is a unique number and the username is admin, or whatever the logged in username is in ISC.
To collect configurations, follow these steps:
Step 1
Step 2
Creating a New Customer with Devices
The devices should now be assigned roles, either PE or CE. You can assign roles by highlighting each device group and adding it to a new or existing Provider or Customer. Routers can be moved in bulk to customers with IM.
To move CE routers to a new customer, follow these steps:
Step 1
Step 2
Step 3
A new tab is created at the bottom of the device list and the routers are associated with the customer.
Each customer router must be put into a site. A site can have more than one router in it. All routers in a site should share routing information with the external provider network.
Step 4
Step 5
Step 6
Repeat this process for all the CPEs.
All customer routers must have a Management Type selected. As with customer site, a range of router Management Type cells can be selected for bulk editing
Step 7
Step 8
Step 9
Creating a New Provider with Devices
A provider or provider administrative domain (PAD) is a group of Provider Edge (PE) devices that share a common BGP AS.
To move PE routers to a new provider and create a region, follow these steps:
Step 1
Step 2
When the devices are assigned a PAD, they become Provider Edge (PE) routers. PEs must be placed into regions. Each PAD must have one or more regions. A region is a collection of PEs that may share an address pool.
Step 3
If the desired region has already been created, it can be selected.
Step 4
You can also add multiple PEs to a single region in one step using standard multiple selection techniques and choosing the Edit > Edit Selected Devices menu. As with single PE editing, you are prompted to choose an existing region or create a new region.
This completes the assignment of roles to devices.
Note
Importing Connections with Autodiscovery
To discover connections, Named Physical Circuits (NPC), run NPC Autodiscovery. This task defines the PE and CE link information, which is used by Common Discovery in the final stage of the autodiscovery process. NPC Autodiscovery has one prerequisite, the connection.xml file. Ensure that this file has been uploaded from the ISC server to the client workstation before running this task.
To import connections with NPC Autodiscovery, follow these steps:
Step 1
You are prompted to provide the path to the correct connection.xml file.
Step 2
A dialog box appears, indicating that the NPC discovery process has started.
Step 3
To find the discovered NPCs, go to Service Inventory > Inventory and Connection Manager > Named Physical Circuits.
Importing Services with Autodiscovery
At this point, you can choose to run the Common Discovery process. ISC manages Ethernet over MPLS (L2VPN) and MPLS networks with IPsec. To detect free interfaces on each device for provisioning purposes, existing services either need to be discovered automatically or entered into the system manually.
For very large networks with many provisioned services, manual entry is time consuming and prone to human error. These issues are alleviated by the Common Discovery process. The Common Discovery process discovers:
•
•
To import services with Autodiscovery, follow these steps:
Step 1
You are prompted to select which type of Common Discovery to perform.
Step 2
You are notified when service discovery is finished.
Step 3
Marking Interfaces for IPsec, Firewall, NAT, or QoS
The interface marking process is only required for provisioning IPsec, Firewall, NAT, or QoS services. Marking interfaces on a one-by-one basis can be a very time consuming and tedious task. IM provides a helpful tool to create rules for marking interfaces based on predefined criteria. You can apply one or more rules to selected devices to mark the interfaces in a bulk fashion.
For IPsec, the public interfaces are the interfaces where the IPsec or GRE tunnels terminate and the private interfaces are the interfaces behind which the subnets to be protected reside.
For firewalls, the outside interfaces connect to the outside, typically unsecured, networks and the inside interfaces are for the subnets residing behind the firewall.
To mark interfaces with IM, follow these steps:
Step 1
A window appears allowing you to create, modify, or delete existing rules or folders. One simple rule can mark all Loopback0 interfaces as public for IPsec.
Step 2
Step 3
Note
Inventory Manager GUI Reference
This section describes how to use the Inventory Manager (IM) GUI in ISC. It is organized by the external design of the GUI: what you see when you look at the windows, menus, and options. It is intended for new users who want to get started with IM, and for experienced users who need a reference for the GUI workflow.
This section contains the following sections:
•
Introducing IM GUI
Although IM has the physical look and feel of any windows application, with File, Edit, View, Tasks, and Tools menus, the work flow is designed to have the logical view of a spreadsheet. When you learn how to use one spreadsheet in IM, you learn how to use them all. For example, when you learn how to set defaults or edit columns in one spreadsheet, you can set defaults or edit columns for each type of spreadsheet in IM.
Spreadsheet and Workbook Features
In IM, a selection of tabs within a spreadsheet is called a workbook. Multiple workbooks comprise a single system object most of the time.
To understand how the IM spreadsheet works, here are some highlights of this feature:
•
–
–
•
–
–
–
•
•
•
–
–
–
–
•
•
•
•
When debugging why a tab has a Red X, this can help to pinpoint the column in error, or missing data, very quickly.
•
–
–
–
•
•
•
•
•
•
•
•
•
–
–
–
•
–
–
–
–
Accessing IM GUI
To access Inventory Manager, follow these steps:
Step 1
Step 2
After initializing Java WebStart, the Inventory Manager window appears, as shown in Figure 4-17.
Figure 4-17 Connected to Inventory Manager
You are now ready to use Inventory Manager.
File Menu
From the Inventory Manager window, shown in Figure 4-17, File is the first menu on the Task Bar. The File menu has the following options:
•
•
•
•
New
From the Inventory Manager window, shown in Figure 4-17, New is the first option under the File menu on the Task Bar. The New option has the following options:
•
Additionally, Add Configuration Files, is an option from alternate tabs.
New Device Group
To create a new Device Group, follow these steps:
Step 1
Figure 4-18 New Device Group
The New Device Group window appears, as shown in Figure 4-19.
Note
Figure 4-19 New Device Group
Step 2
Step 3
The No Config Files Specified for Import window appears, as shown in Figure 4-20.
Figure 4-20 No Config Files Specified for Import
Step 4
If you choose Yes, the Choose Config Files for Device Group window appears and you can add your configuration files to the Device Group, as shown in the "Add Configuration Files" section.
New Provider
To create a new Provider, follow these steps:
Note
Step 1
The New Provider window appears, as shown in Figure 4-21.
Figure 4-21 New Provider
Step 2
Step 3
Step 4
The Inventory Manager menu appears with a spreadsheet for the Provider, as shown in Figure 4-22.
Figure 4-22 New Provider Spreadsheet
General Tab
The General tab contains the following columns:
•
•
•
•
•
•
•
•
•
Passwords Tab
The Passwords tab contains the following columns:
•
•
•
•
•
•
•
SNMPv3 Attributes Tab
The SNMPv3 Attributes contains the following columns:
•
•
•
•
•
•
•
PE Attributes Tab
The PE Attributes tab contains the following columns:
•
•
•
•
•
•
PE Interfaces Tab
The PE Interfaces tab contains the following columns:
•
•
•
•
•
•
•
•
•
•
•
•
CNS Attributes Tab
The CNS Attributes tab contains the following columns:
•
•
•
•
•
Platform Information Tab
The Platform Information tab contains the following columns:
•
•
•
•
•
New Region
To create a new Region, follow these steps:
Note
Step 1
The New Region for Provider window appears, as shown in Figure 4-23.
Figure 4-23 New Region for Provider
Step 2
The Inventory Manager menu appears with a spreadsheet for the Provider, as shown in Figure 4-24.
Figure 4-24 New Provider Spreadsheet
For a description of the tabs and definition of the fields in the Provider, Region, and PE spreadsheets, see Figure 4-22.
New Customer
To create a new Customer, follow these steps:
Note
Step 1
The New Customer window appears, as shown in Figure 4-25.
Figure 4-25 New Customer
Step 2
Step 3
The Inventory Manager menu appears with a spreadsheet for the Customer, as shown in Figure 4-26.
Figure 4-26 New Customer Spreadsheet
General Tab
The General tab contains the following columns:
•
•
•
•
•
•
•
•
•
Passwords Tab
The Passwords tab contains the following columns:
•
•
•
•
•
•
•
SNMPv3 Attributes Tab
The SNMPv3 Attributes contains the following columns:
•
•
•
•
•
•
•
CPE Attributes Tab
The CPE Attributes tab contains the following columns:
•
•
•
•
CPE Interfaces Tab
The CPE Interfaces tab contains the following columns:
•
•
•
•
•
•
•
•
•
•
•
CNS Attributes Tab
The CNS Attributes tab contains the following columns:
•
•
•
•
•
Platform Information Tab
The Platform Information tab contains the following columns:
•
•
•
•
•
New Site
To create a new Site, follow these steps:
Note
Step 1
Figure 4-27 New Site
Step 2
Step 3
The Inventory Manager menu appears with a spreadsheet for the Customer, as shown in Figure 4-28.
Figure 4-28 New Customer Spreadsheet
New Dynamic Device List (without existing configs)
If you do not have existing configuration files, you can create physical devices, using the Device Spreadsheet. The physical devices can be associated with logical devices at a later time.
To create a new dynamic device list, follow these steps:
Step 1
A new Device Spreadsheet appears, as shown in Figure 4-29.
Figure 4-29 New Device Spreadsheet
Device Information
The Device Information tab contains the following columns:
•
•
•
•
•
•
•
•
•
•
•
•
New IE2100 Device List
ISC supports the Cisco CNS IE2100 Device Access Protocol for communication with any Cisco IOS device. Inventory Manager supports the same functionality for the CNS IE2100 as the other devices described in the chapter.
Note
Add Configuration Files
For an example of how to add configuration files in a new Device Group, follow these steps:
Note
Step 1
Figure 4-30 New Device Group Option
The New Device Group window appears, as shown in Figure 4-31.
Step 2
Step 3
Figure 4-31 New Device Group
The Open Config Files window appears, as shown in Figure 4-32. If you choose Open, the Open Config Files window appears, and you can add your configuration files to the Device Group.
Step 4
Figure 4-32 Open Config Files
A new row is added to the Spreadsheet Editor for the group, as shown in Figure 4-33.
Figure 4-33 Spreadsheet Editor
The Spreadsheet Editor enables you to specify attributes for physical devices. When you create devices this way, no logical devices such as CPE or PE are created
To finish, choose File > Save.
Open
From the Inventory Manager window, shown in Figure 4-18, Open is the second option under the File menu on the Task Bar. The Open option has the following options:
Open Discovery Seed File
Note
To open a discovery seed file, follow this step:
Step 1
The Open window appears, as shown in Figure 4-34.
Figure 4-34 Open Discovery Seed File
Step 2
Open Device Group
To open an existing Device Group, follow these steps:
Step 1
A search dialog appears, as shown in Figure 4-35.
Figure 4-35 Open Device Group
Step 2
Step 3
A Device Spreadsheet Editor appears, where you can edit device parameters such as passwords and SNMP information, as shown in Figure 4-36.
Figure 4-36 Device Spreadsheet Editor
Open Provider
To open an existing Provider, follow these steps:
Step 1
A search dialog appears, as shown in Figure 4-37.
Figure 4-37 Open Provider
Step 2
Step 3
A PE Spreadsheet Editor appears with all Regions and PEs for that Provider listed in the Spreadsheet Editor, as shown in Figure 4-38.
Note
Figure 4-38 PE Spreadsheet Editor
Open Region
To open an existing Region, follow these steps:
Step 1
A search dialog appears, as shown in Figure 4-39.
Figure 4-39 Open Provider
Step 2
Step 3
Step 4
You can also create a Region for the Provider by choosing Create Region.
Figure 4-40 Open Region
A PE Spreadsheet Editor appears with all PEs for the Region listed in the Spreadsheet Editor, as shown in Figure 4-41.
Figure 4-41 PE Spreadsheet Editor
Open Customer
To open an existing Customer, follow these steps:
Step 1
A search dialog appears, as shown in Figure 4-42.
Figure 4-42 Open Customer
Step 2
Step 3
A CPE Spreadsheet Editor appears with all Sites and CPE for the Customer listed in the Spreadsheet Editor, as shown in Figure 4-43.
Figure 4-43 CPE Spreadsheet Editor
Open Site
To open an existing Site, follow these steps:
Step 1
A search dialog appears, as shown in Figure 4-44.
Figure 4-44 Open Customer
Step 2
Step 3
Choose from the list of existing Sites, as shown in Figure 4-45. You can also create a Site for the Customer by choosing Create Site.
Figure 4-45 Open Site
A CPE Spreadsheet Editor appears with all the CPEs for that Site listed in the Spreadsheet Editor, as shown in Figure 4-46.
Figure 4-46 CPE Spreadsheet Editor
Required Attributes
From the Inventory Manager window, shown in Figure 4-18, Required Attributes is the third option under the File menu on the Task Bar. To specify required attributes, you must open a Spreadsheet Editor for one of the following options:
•
•
•
•
•
•
•
•
The Spreadsheet Editors work the same for each inventory group. They default to the General tab and display a list of attributes. Some attributes in each Spreadsheet Editor are required and others are not. You can make some of the non-system required attributes required by clicking a checkbox for that attribute.
If an attribute is required, the spreadsheet tab will have a red X indicating that more information is required by the system for all later processing to proceed without errors. For example, errors can occur when processing service requests or creating a VPN. When all required information is filled out, the red X changes to either a yellow or green Continue Image. When you see a red X on a tab, it means you need to fill out more information for the tab.
From the Required Attributes option, you can specify required attributes for the following inventory groups:
Device Groups
To specify required attributes for a Device Group, follow these steps:
Step 1
A search dialog appears.
Step 2
Figure 4-47 Open Device Group
Step 3
The General tab on the Required Attributes window for a Device Group appears, as shown in Figure 4-48.
Step 4
A check in the box indicates a value of required. A blank box indicates not required.
Figure 4-48 Generic Device - General Attributes
The General tab contains the following attributes:
•
•
•
•
•
•
•
•
Step 5
The Passwords tab on the Required Attributes window appears, as shown in Figure 4-49.
Step 6
A check in the box indicates a value of required. A blank box indicates not required.
Figure 4-49 Generic Device - Password Attributes
The Passwords tab contains the following attributes:
•
•
•
•
•
•
Step 7
The SNMPv3 tab on the Required Attributes window appears, as shown in Figure 4-50.
Step 8
A check in the box indicates a value of required. A blank box indicates not required.
Figure 4-50 Generic Device - SNMPv3 Attributes
The SNMPv3 Attributes tab contains the following attributes:
•
•
•
•
•
•
Step 9
The CNS tab on the Required Attributes window appears, as shown in Figure 4-51.
Step 10
A check in the box indicates a value of required. A blank box indicates not required.
Figure 4-51 Generic Device - CNS Attributes
The CNS Attributes tab contains the following attributes:
•
•
•
•
Step 11
The Platform Information tab on the Required Attributes window appears, as shown in Figure 4-52.
Step 12
A check in the box indicates a value of required. A blank box indicates not required.
Figure 4-52 Generic Device - Platform Information Attributes
The Platform Information tab contains the following attributes:
•
•
•
•
Providers, Regions, and PE
To specify required attributes for a Provider, follow these steps:
Step 1
A search dialog appears.
Step 2
Figure 4-53 Open Provider
Step 3
The General tab on the Required Attributes window for the provider appears, as shown in Figure 4-54.
Step 4
A check in the box indicates a value of required. A blank box indicates not required.
Figure 4-54 PE Device - General Attributes
The General tab contains the following attributes:
•
•
•
•
•
•
•
•
Step 5
The Passwords tab on the Required Attributes window appears, as shown in Figure 4-55.
Step 6
A check in the box indicates a value of required. A blank box indicates not required.
Figure 4-55 PE Device - Password Attributes
The Passwords tab contains the following attributes:
•
•
•
•
•
•
Step 7
The SNMPv3 Attributes tab on the Required Attributes window appears, as shown in Figure 4-56.
Step 8
A check in the box indicates a value of required. A blank box indicates not required.
Figure 4-56 PE Device - SNMPv3 Attributes
The SNMPv3 Attributes contains the following attributes:
•
•
•
•
•
•
Step 9
The PE Attributes tab on the Required Attributes window appears, as shown in Figure 4-57.
Step 10
A check in the box indicates a value of required. A blank box indicates not required.
Figure 4-57 PE Device - PE Attributes
The PE Attributes tab contains the following attributes:
•
•
•
•
•
Step 11
The PE Interfaces tab on the Required Attributes window appears, as shown in Figure 4-58.
Step 12
A check in the box indicates a value of required. A blank box indicates not required.
Figure 4-58 PE Device - PE Interfaces
The PE Interfaces tab contains the following attributes:
•
•
•
•
•
•
•
•
•
•
Step 13
The CNS Attributes tab on the Required Attributes window appears, as shown in Figure 4-59.
Step 14
A check in the box indicates a value of required. A blank box indicates not required.
Figure 4-59 PE Device - CNS Attributes
The CNS Attributes tab contains the following attributes:
•
•
•
•
Step 15
The Platform Information tab on the Required Attributes window appears, as shown in Figure 4-60.
Step 16
A check in the box indicates a value of required. A blank box indicates not required.
Figure 4-60 PE Device - Platform Information
The Platform Information tab contains the following attributes:
•
•
•
•
Customers, Sites, and CE
To specify required attributes for a Customer, follow these steps:
Step 1
A search dialog appears.
Step 2
Figure 4-61 Open Customer
Step 3
The General tab on the Required Attributes window appears, as shown in Figure 4-62.
Step 4
A check in the box indicates a value of required. A blank box indicates not required.
Figure 4-62 CPE Device - General Attributes
The General tab contains the following attributes:
•
•
•
•
•
•
•
•
Step 5
The Passwords tab on the Required Attributes window appears, as shown in Figure 4-63.
Step 6
A check in the box indicates a value of required. A blank box indicates not required.
Figure 4-63 CPE Device - Password Attributes
The Passwords tab contains the following attributes:
•
•
•
•
•
•
Step 7
The SNMPv3 Attributes tab on the Required Attributes window appears, as shown in Figure 4-64.
Step 8
A check in the box indicates a value of required. A blank box indicates not required.
Figure 4-64 CPE Device - SNMPv3 Attributes
The SNMPv3 Attributes contains the following attributes:
•
•
•
•
•
•
Step 9
The CPE Attributes tab on the Required Attributes window appears, as shown in Figure 4-65.
Step 10
A check in the box indicates a value of required. A blank box indicates not required.
Figure 4-65 CPE Device - CPE Attributes
The CPE Attributes tab contains the following attributes:
•
•
•
Step 11
The CPE Interfaces tab on the Required Attributes window appears, as shown in Figure 4-66.
Step 12
A check in the box indicates a value of required. A blank box indicates not required.
Figure 4-66 CPE Device - CPE Interfaces
The CPE Interfaces tab contains the following attributes:
•
•
•
•
•
•
•
•
•
•
Step 13
The CNS Attributes tab on the Required Attributes window appears, as shown in Figure 4-67.
Step 14
A check in the box indicates a value of required. A blank box indicates not required.
Figure 4-67 CPE Device - CNS Attributes
The CNS Attributes tab contains the following attributes:
•
•
•
•
Step 15
The Platform Information tab on the Required Attributes window appears, as shown in Figure 4-68.
Step 16
A check in the box indicates a value of required. A blank box indicates not required.
Figure 4-68 CPE Device - Platform Information Attributes
The Platform Information tab contains the following attributes:
•
•
•
•
Save
From the Inventory Manager window, shown in Figure 4-18, Save is the fourth option under the File menu on the Task Bar.
This option saves your work.
Close
From the Inventory Manager window, shown in Figure 4-18, Close is the fifth option under the File menu on the Task Bar.
This option name changes depending on which Spreadsheet Editor you choose. For example, if you are editing a Customer named CustomerA, the menu would show File Close CustomerA.
If there are changes to be saved, the system prompts you to save, and then the Spreadsheet Editor closes. You have an opportunity to cancel the operation if saving is required.
Exit
From the Inventory Manager window, shown in Figure 4-18, Exit is the sixth option under the File menu on the Task Bar.
This option shuts down the Inventory Manager. If there are changes to be made, the system prompts you to save changes before exiting.
Edit Menu
From the Inventory Manager window, shown in Figure 4-17, Edit is the second menu on the Task Bar. The Edit menu has the following options:
•
•
Insert More Devices
When editing a Device Group, Provider, or Customer, choosing this option causes a File Open Dialog to appear, where you can select more configuration files to be inserted. A new row is created for each new configuration file that is added:
•
•
•
•
To insert more devices in a Spreadsheet Editor, choose Edit > Insert More Devices from the Inventory Manager window.
Remove Selected Devices
When editing a Device Group, Provider, or Customer, choosing this option allows selected rows to be removed from the spreadsheet.
To delete rows in a Spreadsheet Editor, choose Remove Selected Devices from the Inventory Manager window.
Use the Host Name Column to select rows of device information. A confirmation dialog appears. If you choose Yes, the selected rows are removed from the Spreadsheet Editor.
Note
Move to New Customer
This option is enabled only when you create devices using the Open Discovery Seed File or New Dynamic Device List options. You must select rows using the Host Name Column or the Select All option. The selected rows in the spreadsheet are moved to a new tab for a Customer in a CPE Spreadsheet Editor.
To create a new Customer and move the selected rows to a new CPE Spreadsheet Editor, follow these steps:
Step 1
Step 2
Step 3
Step 4
Step 5
Move to New Provider
This option is enabled only when you create devices using the Open Discovery Seed File or New Dynamic Device List options. You must select rows using the Host Name Column or the Select All option. The selected rows in the spreadsheet are moved to a new tab for a Provider in a PE Spreadsheet Editor.
To create a new Provider and move the selected rows to a new PE Spreadsheet Editor, follow these steps:
Step 1
Step 2
Step 3
Step 4
Step 5
Move to Customer
This option is enabled only when you create devices using the Open Discovery Seed File or New Dynamic Device List. You must use the Host Name Column or the Select All options to select rows. The selected rows in the spreadsheet are moved to a new tab for the customer in a CPE Spreadsheet Editor.
To select rows in a table, open an existing customer, and move the rows to a new CPE Spreadsheet Editor, and follow these steps:
Step 1
Step 2
A dialog box appears asking you to enter the existing Customer name.
Step 3
Step 4
If you click OK, the selected rows are removed from the current spreadsheet into an existing customer CPE spreadsheet.
Note
Edit the CPEs as you would for any customer by associating them with new or existing Region objects. If the originating spreadsheet is empty after the operation, it automatically closes.
Move to Provider
This option is enabled only when you create devices using the Open Discovery Seed File or New Dynamic Device List. You must use the Host Name Column or the Select All options to select rows. The selected rows in the spreadsheet are moved to a new tab for the Provider in a PE Spreadsheet Editor.
To select rows in a table, open an existing provider, and move the rows to a new PE Spreadsheet Editor, and follow these steps:
Step 1
Step 2
A dialog box appears asking you to enter the existing Provider name.
Step 3
Step 4
If you click OK, the selected rows are removed from the current spreadsheet into an existing Provider PE spreadsheet.
Note
Step 5
Edit Selected Devices
To edit selected devices from rows in a spreadsheet, follow these steps:
Step 1
A Multi-Attribute Cell Editor appears where you can set a value that is applied to all selected cells for each respective column in the selection.
Step 2
Step 3
A column-specific editor appears.
Step 4
A new dialog appears showing a table with one row. Each column containing selected cells in the originating spreadsheet is represented in the dialog.
Step 5
Step 6
Step 7
You are prompted with a search dialog to specify the value. The type of search dialog depends on the column you are editing. For example, if you edit a username you are prompted with a single input editor. If you are editing a password column, you get a password editor.
To edit multiple attributes at one time, select the cells using the following standard techniques for multiple selections:
•
•
•
•
Edit Default Attributes
Each spreadsheet editor (Device Group, CPE, PE, and Dynamic Device List) has the ability to store separate default attributes. Defaults for passwords and other parameters for PEs can be different from those of CPEs.
For example, all PEs in a provider network can share the same passwords, SNMP attributes, and so on. Using IM, you can store default attributes for most of the attributes in each spreadsheet. These default attributes can then be applied to selected cells using the Edit > Load Default Attributes to Selected Cells menu.
To edit default attributes, follow these steps:
Step 1
A new dialog appears containing a table with one row.
Step 2
Step 3
Each specific Spreadsheet Editor has its own unique set of columns. Each editor allows the specification for default values to be stored and retrieved at a later time. It is the standard spreadsheet format and to specify the values you must click on each cell. These values are automatically saved between sessions and are stored per user on the client machine running the Inventory Manager.
When specifying default values for the Management Address or PE Loopback Interface columns, you may enter more than one interface name.
For example, Loopback0;FastEthernet0;Ethernet0, where the separator between names must be a semi-colon. When attempting to set the Management Interface using the default supplied for any given device, the interfaces stored on the device must be checked against the value provided. If the value provided is Loopback0 and the interface does not exist on the device, it can not be set. The interface must actually exist on the device before IM allows it as a valid value.
In the example of Loopback0;FastEthernet0;Ethernet0, IM uses a left to right precedence rule. For each selected device it first checks to see whether Loopback0 exists. If it is found on the device, it is used as the correct value, otherwise it looks for FastEthernet0 and continues down the list until it finds an acceptable result. If no interfaces on the device match the request string, the value remains unchanged.
Load Default Values to Selected Cells
To load default values to selected cells, follow these steps:
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
The values that you stored using the Edit > Edit Default Attributes menu are applied to each selected cell.
For example, if all of the devices you are editing belong to the same provider and share the same passwords you can specify the default password and apply it to the entire spreadsheet without having to remember it.
Apply Interface Marking Rules to Selection
This menu is only enabled when you are editing logical devices, such as CPEs and PEs. It allows you to mark interfaces on devices and determine how network traffic flows on the network. You can specify values for NAT, IPsec, QoS, and Firewall.
To apply Interface Marking Rules to selected devices, you must first create a set of rules for your organization.
From the Inventory Manager window, choose Tools > Interface Marking Rule Editor to open a rule editor where you can import or export rule files or create new or modify existing rules.
To apply the rules, select the desired cells in the spreadsheet and from the Inventory Manager window, choose Tools > Apply Interface Marking Rules to Selection.
A Rule chooser dialog appears, allowing you to select one or more rules to be applied against the interfaces on a device.
If you have devices selected, each interface on the selected devices has the rule applied to it. If you have specific interfaces selected in the Interface tab it is only applied to the selected Interfaces. If a rule is applied against an interface, something may or may not happen with respect to NAT, QoS, IPsec, and Firewall. Something happens only if the interface meets the criteria of the rule. See the "Interface Marking Rule Editor" section for more details.
Select All
This option selects all the cells in a spreadsheet, except the host name column. Typically, the host name column is not editable and does not participate in typical edit operations.
If you want to select all rows in the spreadsheet, first click on the Host Name column and press the Ctrl+A accelerator key. This operation selects all the cells in a Spreadsheet Editor that are currently open.
From the Inventory Manager window, choose Edit > Select All to use this option.
View Menu
From the Inventory Manager window, shown in Figure 4-17, View is the third menu on the Task Bar. The View menu has the following options:
•
Fit Columns in Window
From the Inventory Manager window, choose View > Fit Columns in Window to expand or contract the cells in the Spreadsheet Editor to fit the window.
Show Color Coded Column Headers
From the Inventory Manager window, choose View > Show Color Coded Column Headers to show the colors of the column headers.
Tasks Menu
From the Inventory Manager window, shown in Figure 4-17, Tasks is the fourth menu on the Task Bar. The Task menu has the following options:
•
Collect Latest Configuration Files
This option is applied to selected rows in a spreadsheet, if rows are selected. If no rows are selected, all devices contained in the spreadsheet are visited and their configurations are downloaded to the ISC server. It is important for the login and enable passwords to be specified correctly, together with the management address, for each device to be reached and files to be successfully collected.
A persistent task is created on the Master server and IM waits for the collection process to complete. When the task completes, you are notified of success or failure. You can use the Web GUI to view the task logs on the Master server to see why a task has failed. If successful, you are prompted to refresh from the repository. This is recommended, because it is possible that the configuration has changed since the last time the configuration was retrieved.
From the Inventory Manager window, choose Tasks > Collect Latest Configuration Files to collect the latest configuration files.
Start Autodiscovery
From the Inventory Manager window, choose Tasks > Start Autodiscovery to start the device discovery process.
Start NPC Autodiscovery
From the Inventory Manager window, choose Tasks > Start Autodiscovery to start the connection discovery process.
Start Service Discovery
From the Inventory Manager window, choose Tasks > Start Autodiscovery to start the service discovery process.
Tools Menu
From the Inventory Manager window, shown in Figure 4-17, Tools is the fifth menu on the Task Bar. The Tools menu has the following option:
•
Interface Marking Rule Editor
To mark interfaces, follow these steps:
Step 1
A window appears where you can create, modify, or delete existing rules or folders. One rule can mark all Loopback0 interfaces as public for IPsec.
Step 2
From the Inventory Manager window, choose Edit > Apply Interface Marking Rule(s) to the selection. A rule chooser appears for you to select and apply one or more rules.
Logging Menu
From the Inventory Manager window, shown in Figure 4-17, Logging is the sixth menu on the Task Bar. The Logging menu allows you to specify the following log output levels to the Logging UI:
•
All log messages are sent to the Log Viewer located near the bottom of the IM Application
•
Only severe log messages are sent to the Log Viewer located near the bottom of the IM Application
•
Only warning and severe log messages are sent to the Log Viewer located near the bottom of the IM Application
•
Only informational, warning, and severe log messages are sent to the Log Viewer located near the bottom of the IM Application
•
Only fine, informational, warning, and severe log messages are sent to the Log Viewer located near the bottom of the IM Application
•
Only finer, fine, informational, warning, and severe log messages are sent to the Log Viewer located near the bottom of the IM Application
•
Only finest, finer, fine, informational, warning, and severe log messages are sent to the Log Viewer located near the bottom of the IM Application
•
No log messages are sent to the Log Viewer located near the bottom of the IM Application.
Help
From the Inventory Manager window, shown in Figure 4-17, Help is the seventh menu on the Task Bar. The Help menu has the following option:
About
Loads the About dialog showing version information and some web URLs for Cisco Systems Inc.
Topology
The topology tool provides a graphical view of networks set up through the ISC web client. It gives a graphical representation of the various physical and logical parts of the network, both devices and links.
•
Introduction
The topology tool includes three types of views:
•
•
•
In addition, this chapter describes the following features:
•
•
Please note that some details, such as window decorations, are system specific and may appear differently in different environments. However, the functionality should remain consistent.
Requirements
To run the topology tool, Java Webstart and JRE 1.4.0 must be installed on the client system.
Conventions
Topology software uses several conventions to visually communicate information about displayed objects. The shape of a node representing a device depends on the role of the device, as listed in Table 4-2:
The icon inside the node reflects the device type. Table 4-3 shows the icons used by the topology viewer:
Additional icons, used to represent provider's regions and interfaces associated with devices, are shown in Table 4-4:
Each link type is marked with one of the four colors shown in Table 4-5. Thin, 1-point wide links are used to express presumed connectivity, such as an interface associated with a device or a provider device associated with a region.
Table 4-5 Link Type Color Scheme
(green)
End-to-end wire
(purple)
Attachment circuit
(light blue)
IPsec tunnel
(brown)
MPLS VPN link
Finally, the four patterns shown in Table 4-6 are used to indicate the service request state:
Table 4-6 Link State Pattern Scheme
Deployed, functional, pending
Failed audit, invalid, broken, lost
Wait deploy, requested, failed deploy
Closed
Accessing the Topology Tool
To access the Topology tool, use the following steps:
Step 1
The message "Starting the ISC Web Start Application. Please wait..." is displayed while information is gathered for the specific topology.
Step 2
The Topology window shown in Figure 4-69 appears.
Figure 4-69 Topology Application Window
The application window is divided into four areas, as shown in Figure 4-69:
•
•
•
•
Note
Views are loaded, saved, and closed using the File menu, as shown in Figure 4-70.
Figure 4-70 The File Menu
The File menu contains the following menu items:
Open Opens a view
Save Saves the open and active view with the existing file name, if any
Save as... Prompts you to enter a file name to save the open and active view
Save All Saves all open views
Close Closes the open and active view
Close All Closes all open views
Print... Prints the open and active view
Exit Exits the Topology tool.
Types of Views
There are three view panes in the topology application and they are described in the following sections:
•
•
•
The view attributes may be changed using the View menu, as shown in Figure 4-71.
Figure 4-71 The View Menu
The View menu contains the following menu items:
Anti-Aliasing—When drawing a view, this creates smoother lines and a more pleasant appearance at the expense of performance.
Grid—Activates a magnetic grid. The grid has a 10 by 10 spacing and may be used to help align nodes in a view.
Auto-Layout—Generates an automatic layout of nodes in a view. If selected, the program tries to find the most presentable arrangement of nodes.
Zoom—Opens a dialog where the desired magnification level can be specified.
Zoom In— Increases the magnification level.
Zoom Out—Decreases the magnification level.
Refresh—Regenerates the view. This is especially useful if the data in the repository changes. To see an updated view, select Refresh or click the Refresh toolbar button.
VPN View
The VPN view shows connectivity between devices forming a given VPN. To activate the VPN view, use the following steps:
Step 1
or
click the Open button in the tool bar.
The Open dialog box appears.
Step 2
This opens the VPN View, as shown in Figure 4-72.
A single view may show a combination of MPLS, Layer 2, and IPsec VPNs. For MPLS and IPsec, only the Customer Premises Equipment devices (CPEs) are shown. The Layer 2 VPN may in addition to CPEs show connectivity between Customer Location Edge devices (CLEs) or Provider Edge devices (PE).
Figure 4-72 VPN View
Logical View
The logical view shows connectivity, created through service requests, between provider edge devices (PEs) and customer edge devices (CEs) of a given region.
To activate the logical view, use the following steps:
Step 1
or
click the Open button in the tool bar.
The Open dialog box appears.
Step 2
Step 3
Step 4
This creates a logical view for the selected region of the chosen provider, as shown in Figure 4-73.
Figure 4-73 Logical View
In a created view, the round node, usually located in the center of the graph, is the node representing a given region of a provider. The node is annotated with the name of the region and the name of the provider. You may right-click on the node and select Region... in the pop-up menu to view a tabulated list of regional properties.
Each node directly connected to the regional node represents a PE. The icon and the shape of a node depends on the type and the role of the device it represents (refer to the "Conventions" section).
Each PE is annotated with the fully-qualified device name and the management IP address. A right-click on a node displays the details of the logical and physical device, interfaces, and service requests (SR) associated with the node, as shown in Figure 4-74. For the regional node, details are shown in a tabulated form.
Figure 4-74 Interface Details Table
Each PE may be logically connected to one or more CPEs. Such connections are created by either MPLS VPN links, Layer 2 Logical Links, or IPsec service request tunnels. Each such connection is represented by an edge linking the given PE to a CPE. If there are more connections between a particular PE and CPE, all of them are shown. Depending on the state of a connection, the edge is drawn using a solid line (for functioning connections), dotted line (for broken connections), or dashed line (for connections yet to be established).
Depending on the connection type, the connection is drawn as described in Table 4-4.
In the Overview area, a direct connection is drawn between a CPE and a PE, even if a number of devices are forming such a connection. To view the details of a connection, right-click on it and select the Expand option from a pop-up menu. The expanded view, displayed in a new tab, shows all devices and interfaces making a given PE to CPE connection, as shown in Figure 4-75.
Figure 4-75 Detailed Connection View
Physical View
A physical view shows all named physical circuits defined for PEs in a given region. Each named physical circuit is represented as a sequence of connections leading from a PE through its interfaces to interfaces of CLEs or CPEs. All physical links between PEs of a given region and their CLEs or CPEs are shown. Since physical links are assumed to be in a perfect operational order, edges are always drawn with solid lines.
To activate the physical view, use the following steps:
Step 1
or
click the Open button in the tool bar.
The Open dialog box appears.
Step 2
Step 3
Step 4
Figure 4-76 Physical View
In this view, each device is connected with a thin line to the interfaces it owns. Interfaces are connected to other interfaces with thick lines. If there is more than one connection between two interfaces, they are spaced to show all of them.
The tree shows devices and connections. Each device may be a folder, holding all interfaces connected to it.
Filtering and Searching
On large graphs, the amount of detail can be overwhelming. In such cases, filtering might help eliminate unnecessary details, while searching can lead to a prompt location of a device you wish to examine further.
Both advanced filtering and searching use the same dialog to enter conditions on nodes to be either filtered or located. The filtering area also allows you to quickly filter viewed objects by name.
Filtering
The topology view can be filtered in two ways, simple and advanced.
Simple Filtering
To perform simple filtering of the view, do as follows:
Step 1
Step 2
For example, to locate nodes that contain string router in their name you would enter router in area (4) and click Enter. All objects whose name does not contain the entered string are dimmed, as shown in Figure 4-77.
Figure 4-77 Physical View with Dimmed Nodes
Note
Advanced Filtering
To perform advanced filtering, do as follows:
Step 1
Step 2
The dialog allows you to enter one or more conditions on filtered nodes. The first drop-down menu allows you to specify the attribute by which the filtering is performed. The second allows you to decide how the matching between the value of the attribute and text entered in the third column is performed.
The following matching modes are supported from the drop-down menu:
•
•
•
•
•
Figure 4-78 Advanced Filter dialog
By checking one of the two radio buttons, Match any conditions or Match all conditions, you may request that any or all of the conditions are matched. In the first case, you may look for devices where, for example, the name contains cisco and the management IP address ends with 204. When all conditions need to be met, it is possible to look for devices that, for example, have a given name and platform.
Click More or Fewer to add more rows of conditions or remove existing rows of conditions.
By default, all matches are performed without regard for upper or lower case. However, in some cases it is beneficial to have a more exact matching that takes the case into account. To do so, check the Match case checkbox.
Step 3
The Clear button allows you to clear all conditions. Clicking Clear followed by OK effectively removes all filtering, restoring all nodes to their default brightness level. If filtering is active, the same can be achieved by clicking Clear in area (4) of the main window, as shown in Figure 4-69.
Searching
Searching can be conducted by using the menus or the tool bar. To perform a search, do as follows:
Step 1
or
Click the Find icon in the main toolbar.
Both approaches bring up the same dialog box, as shown in Figure 4-79.
Again, you may enter one or more conditions to locate the node.
Figure 4-79 Find Dialog Box
Step 2
Step 3
Step 4
Using Maps
You may associate a map with each view. Currently, the topology viewer only supports maps in the Environmental Systems Research Institute, Inc. (ESRI) shape format. The following sections describe how to load maps and selectively view map layers and data associated with each map.
The map features are accessed from the Map menu shown in Figure 4-80.
Figure 4-80 The Map Menu
The Map menu contains the following menu items:
•
•
•
Loading a map
You may wish to set a background map showing the physical locations of the displayed devices. To load a map, use the following steps:
Step 1
or
Press Ctrl-M
Providing the web map server is running and operational, the Load Map window appears, as shown in Figure 4-81.
Figure 4-81 Load Map Window
Step 2
The right-hand side of the window contains a small control panel, which allows you to select the projection in which a map is shown. A map projection is a projection that maps a sphere onto a plane. Typical projections are Mercator, Lambert, and Stereographic.
For more information on projections, consult the Map Projections section of Eric Weisstein's World of Mathematics at:
http://mathworld.wolfram.com/topics/MapProjections.html
For each projection, you may also select the region of the map to be shown. In most cases, the predefined values should be sufficient. The top level the file hierarchy should contain folders for all major regions, such as Europe, North America, Oceania, and so on.
If desired, make changes to the settings in the Longitude Range and Latitude Range fields.
Step 3
Each folder may contain either complete maps or folders for countries. Each map is clearly distinguished with the Map icon.
Step 4
Selecting the map file and clicking the Open button starts loading it. Maps may consist of several components and thus a progress dialog is shown informing you which part of the map file is loaded.
Layers
Each map may contain several layers. For example most country maps have country, region, and city layers, as shown in Figure 4-82.
Figure 4-82 Map Layers
After a map is loaded, the View submenu of the Map menu is automatically populated for you. A name of each available layer is shown together with the checkbox indicating visibility of the layer. If a given map shows too many details, you may turn off some or all layers by deselecting the corresponding checkbox(es). The same submenu can be used to restore visibility of layers.
If an incorrect map is loaded or the performance of the topology tool is unsatisfactory with the map loaded you may clear the map entirely. To do this, select Clear Map from the Map menu. Maps are automatically cleared if another map is loaded.
Consequently if you wish just to load another map, there is no need to clear the existing map. The act of loading a new map does this.
Map data
If map data files are successfully loaded with the map, the right field of the Status bar shows the longitude and latitude location of the cursor on the map. If map objects, such as cities, lakes, and so on, have data associated with them, their names are displayed after the longitude and latitude coordinates.
Node locations
Once a map is successfully loaded, the view area is adjusted to fully accommodate it, as shown in Figure 4-83. If nodes shown on the window had longitude and latitude information associated with them, they are moved to locations on the map corresponding to their geographical location. If not, their positions remain unchanged.
However, you may manually move them to the desired location and save the positions for future reference. The next time the image of a given network is loaded, node positions are restored and the map file is loaded.
Figure 4-83 Physical View with a Map of Japan
Adding new maps
You may need to add your own maps to the selection of maps available to the topology application. This is done by placing a map file in the desired directory within the ISC installation. To make this example more accessible, assume that you wish to add a map of Toowong, a suburb of Brisbane, the capital of Queensland. The first step to do so is to obtain maps from a map vendor. All maps must be in the ESRI shape file format (see ESRI shapefile technical description). In addition, a data file may accompany each shape file. Data files contain information about objects whose shapes are contained within the shape file. Let us assume that the vendor provided four files:
•
•
•
•
We need to create a map file that informs the topology application about layers of the map. In this case we have two layers: a city and a street layer. The map file, say, Toowong.map, would thus have the following contents:
toowong_citytoowong_streetIt lists all layers that create a map of Toowong. The order is important, as the first file forms the background layer, with other layers placed on top of the preceding layers.
Having obtained shape and data files and having written the map file, decide on its location. As mentioned, Toowong is a suburb of Brisbane, located in Queensland, Australia. All map files must be located in or under the $ISC_HOME/resources/webserver/tomcat/webapps/ipsc-maps/data directory. Since by default this directory contains a directory called Oceania intended for all maps from that region, simply create a path Australia/Queensland/Brisbane under the directory Oceania. Next, place all five files in this location. Once this is done, the map is automatically accessible to the topology viewer.
Devices
Every network element that ISC manages must be defined as a device in the system. An element is any device from which ISC can collect information. In most cases, devices are Cisco IOS routers that function as edge routers in the IPsec VPN, or as Provider Edge Routers (PEs) or Customer Edge Routers (CEs) in the MPLS VPN.
This section describes how to define, edit, delete, and configure various types of supported devices. This section includes the following:
•
Accessing the Devices Window
The Devices feature is used to create, edit, delete, and configure devices, and e-mail the device owner.
To access the Devices window, do the following:
Step 1
Figure 4-84 Devices List Window
The Devices window contains the following:
Device Name Lists the fully qualified host and domain name of the device. You can sort the list of devices by device name.
Management IP Address Lists the management IP address or the IE2100 address. You can sort the list of devices by this field.
Type Lists the type of the device. Types include: Cisco IOS Device, CatOs Device, Terminal Server, VPN 3000, PIX Firewall, and IE2100.
In the Devices window, you can create, edit, delete, or configure devices or e-mail the device owner using the following buttons:
Create Click to create new devices. Enabled only if no devices are selected.
Edit Click to edit selected device (select device by clicking the corresponding box). Enabled only if a single device is selected.
Delete Click to delete selected device (select device by clicking the corresponding box). Enabled only if one or more devices are selected.
Config Click to change the selected device configuration (select device by clicking the corresponding box). Enabled only if a single device is selected.
E-mail Click to send e-mail to the owner of selected device (select device by clicking the corresponding box). Enabled only if one or more devices are selected.
Creating a Device
From the Create window, you can define different types of devices.
To create a device, do the following:
Step 1
Step 2
The Create options appear, as shown in Figure 4-85.
Figure 4-85 Create Options Window
The Create options include the following:
Cisco IOS Device Any router that runs the Cisco IOS. This includes Catalyst devices running Cisco IOS.
CatOs Device A Catalyst device running the Catalyst Operating System.
Terminal Server A device that represents the workstation that can be used to provision edge routers.
VPN 3000 Any router in the Cisco VPN 3000 Series Concentrator family.
PIX Firewall Any Cisco PIX Firewall.
IE2100 Any Cisco Intelligence Engine (IE) 2100 series network device.
Step 3
Creating a Cisco IOS Device
To create a Cisco IOS device, do the following:
Step 1
Step 2
Step 3
The Create Cisco IOS Device window appears, as shown in Figure 4-86.
Figure 4-86 Create Cisco IOS Device Window
The General section of the Create Cisco IOS Device window contains the following fields:
Device Host Name Must begin with a letter, digit, or underscore followed by letters, digits, underscores, spaces, hyphens, or dots ending with a letter, digit, or underscore. This field is required and must match the name configured on the target router device. Limited to 256 characters.
Device Domain Name (optional) Must begin with a letter, digit, or underscore followed by letters, digits, underscores, spaces, hyphens, or dots ending with a letter, digit, or underscore. The name must match the domain name on the target router device.
Description (optional) Limited to 80 characters. May contain any pertinent information about the device such as the type of device, its location, or other information that may be helpful to service provider operators.
Collection Zone (optional) Drop down list of all collection zones within the ISC. Choices include: None and all collection zones within the ISC. Default: None.
Management IP Address (optional) Valid IP address of the device that ISC uses to configure the target router device.
Interfaces (optional) Click the Edit button to view, add, edit, and delete all interfaces associated with the device. Refer to Table 4-7 for a description of the Interface fields.
Associated Groups (optional) Click the Edit button to view, add, and remove all Device Group associations.
The Login and Password Information section of the Create Cisco IOS Device window contains the following fields:
Login User (optional) Not required by ISC. However, collection and upload/download will not function without the Login User and Login Password as ISC will not be able to access the device. Should match what is configured on the target router device. Limited to 80 characters.
Login Password (optional) Displayed as stars (*). Not required by ISC. However, collection and upload/download will not function without the Login User and Login Password as ISC will not be able to access the device. Should match what is configured on the target router device. Limited to 80 characters.
Verify Login Password (optional) Displayed as stars (*). Must match the Login Password field. Limited to 80 characters.
Enable User (optional) Not required by ISC. However, collection and upload/download only function if the Login User has sufficient privileges to configure the router in EXEC mode. Should match what is configured on the target router device. Limited to 80 characters.
Enable Password (optional) Displayed as stars (*). Not required by ISC. However, collection and upload/download only function if the Login User has sufficient privileges to configure the router in EXEC mode. Should match what is configured on the target router device. Limited to 80 characters.
Verify Enable Password (optional) Displayed as stars (*). Must match the Enable Password field. Limited to 80 characters.
The Device and Configuration Access Information section of the Create Cisco IOS Device window contains the following fields:
Terminal Session Protocol (optional) Configures the method of communication between ISC and the device. Choices include: Telnet, Secure Shell (SSH), and CNS. In previous versions of ISC this field was called the Transport field. Default: Terminal.
Config Access Protocol (optional) Administers the access protocol for config upload and download. Choices include: Terminal, TFTP, and FTP. Default: Terminal.
SNMP Version (optional) Configures the version of SNMP to use when communicating with the device. Choices include: SNMP v1/v2c and SNMP v3. Default: SNMP v1/v2c.
The SNMP v1/v2c section of the Create Cisco IOS Device window contains the following fields:
Community String RO (required) SNMP Read-Only Community String. Many tasks use SNMP to access the device. This field must match what is configured on the target router device. Limited to 80 characters.
Community String RW (required) SNMP Read-Write Community String. Many tasks use SNMP to access the device. This field must match what is configured on the target router device. Limited to 80 characters.
Step 4
Step 5
The Cisco IOS Device Properties window appears, as shown in Figure 4-87.
Figure 4-87 Cisco IOS Device Properties Window
The SNMP v3 section of the Cisco IOS Device Properties window contains the following fields:
SNMP Security Level (optional) Choices include: No Authentication/No Encryption, Authentication/No Encryption, and Authentication/Encryption. Default: No Authentication/No Encryption.
Authentication User Name (optional) User name configured on the specified device router. User must have permission to the object identification numbers (OIDs) specified in the security request (that is, write permission for a set request, and read permission for a get request). Should match what is configured on the target router device. Should be provisioned if the SNMP Security Level is Authentication/No Encryption or Authentication/Encryption. Limited to 80 characters.
Authentication Password (optional) Displayed as stars (*). Should be provisioned if the SNMP Security Level is Authentication/No Encryption or Authentication/Encryption. Should match what is configured on the target router device. Limited to 80 characters.
Verify Authentication Password (optional) Displayed as stars (*). Must match the Encryption Password field. Limited to 80 characters.
Authentication Algorithm (optional) Should be provisioned if the SNMP Security Level is Authentication/No Encryption or Authentication/Encryption. Choices include: None, MD5, and SHA. Default: None.
Encryption Password (optional) Displayed as stars (*). In previous versions of ISC, this field was called Privacy Password. Should match what is configured on the target router device. Should be provisioned if the SNMP Security Level is Authentication/Encryption. Limited to 80 characters.
Verify Encryption Password (optional) Displayed as stars (*). Must match the Encryption Password field. Limited to 80 characters.
Encryption Algorithm (optional) In previous versions of ISC, this field was called Privacy Protocol. Should be provisioned if the SNMP Security Level is Authentication/Encryption. Choices include: None and DES 56. Default: None.
The Terminal Server and CNS Options section of the Cisco IOS Device Properties window contains the following fields:
Terminal Server (optional) Choices include: None and the list of existing Terminal Server names. Default: None.
Port Number (optional) Disabled until a Terminal Server is selected. Range: 0-65535. Default: 0.
CNS Identification Required if the Device Event Identification field is set to CNS_ID. Only valid characters that Cisco IOS allows are alphanumeric characters and (.) (-) (_).
Device State (optional) Choices include: ACTIVE and INACTIVE. ACTIVE indicates that the router has been plugged on the network and can be part of ISC tasks such as collect config and provisioning. INACTIVE indicates the router has not been plugged-in. Default: ACTIVE.
Device Event Identification (optional) Indicates whether the CNS Identification field contains a HOST_NAME or CNS_ID. Default: HOST_NAME.
IE2100 (optional) Disabled unless the Device State field is INACTIVE or the Terminal Session Protocol field is CNS. A valid IE2100 must be selected if the Terminal Session Protocol is CNS. Choices include: None and the list of existing IE2100 names. Default: None.
The Device Platform Information section of the Cisco IOS Device Properties window contains the following fields:
Platform (optional) Should match what is configured on the target router device. Limited to 80 characters.
Software Version (optional) Should match what is configured on the target router device. Limited to 80 characters.
Image Name (optional) Should match what is configured on the target router device. Limited to 80 characters.
Serial Number (optional) Should match what is configured on the target router device. Limited to 80 characters.
Device Owner's Email Address (optional) Used in the To: field when the Email button is selected from the device list. Limited to 80 characters and must be valid Email format.
Step 6
Step 7
Step 8
The Devices window reappears with the new Cisco IOS device listed.
Creating a CatOs Device
To create a CatOs device, do the following:
Step 1
Step 2
Step 3
The Create Catalyst Device window appears, as shown in Figure 4-88.
Figure 4-88 Create Catalyst Device Window
The General section of the Create Catalyst Device window contains the following fields:
Device Host Name (required) Must begin with a letter, digit, or underscore followed by letters, digits, underscores, spaces, hyphens, or dots ending with a letter, digit, or underscore. This field must match the name configured on the target router device. Limited to 256 characters.
Device Domain Name (optional) Must begin with a letter, digit, or underscore followed by letters, digits, underscores, spaces, hyphens, or dots ending with a letter, digit, or underscore. The name must match the domain name on the target router device.
Description (optional) Limited to 80 characters. May contain any pertinent information about the device such as the type of device, its location, or other information that may be helpful to service provider operators.
Collection Zone (optional) Drop down list of all collection zones within the ISC. Choices include: None and all collection zones within the ISC. Default: None.
Management IP Address (optional) Valid IP address of the device that ISC uses to configure the target router device.
Interfaces (optional) Click the Edit button to view, add, edit, and delete all interfaces associated with the device. Refer to Table 4-8 for a description of the Interfaces fields.
Associated Groups (optional) Click the Edit button to view, add, and remove all Device Group associations.
The Login and Password Information section of the Create Catalyst Device window contains the following fields:
Login User (optional) Not required by ISC. However, collection and upload/download will not function without the Login User and Login Password as ISC will not be able to access the device. Should match what is configured on the target router device. Limited to 80 characters.
Login Password (optional) Displayed as stars (*). Not required by ISC. However, collection and upload/download will not function without the Login User and Login Password as ISC will not be able to access the device. Should match what is configured on the target router device. Limited to 80 characters.
Verify Login Password (optional) Displayed as stars (*). Must match the Login Password field. Limited to 80 characters.
Enable User (optional) Not required by ISC. However, collection and upload/download only function if the Login User has sufficient privileges to configure the router in EXEC mode. Should match what is configured on the target router device. Limited to 80 characters.
Enable Password (optional) Displayed as stars (*). Not required by ISC. However, collection and upload/download only function if the Login User has sufficient privileges to configure the router in EXEC mode. Should match what is configured on the target router device. Limited to 80 characters.
Verify Enable Password (optional) Displayed as stars (*). Must match the Enable Password field. Limited to 80 characters.
The Device and Configuration Access Information section of the Create Catalyst Device window contains the following fields:
Terminal Session Protocol (optional) Configures the method of communication between ISC and the device. Choices include: Telnet, Secure Shell (SSH), and CNS. In previous versions of ISC, this field was called the Transport field. Default: Telnet.
Config Access Protocol (optional) Administers the access protocol for config upload and download. Choices include: Terminal, TFTP, and FTP. Default: Terminal.
SNMP Version (optional) Configures the version of SNMP to use when communicating with the device. Choices include: SNMP v1/v2c and SNMP v3. Default: SNMP v1/v2c.
The SNMP v1/v2c section of the Create Catalyst Device window contains the following fields:
Community String RO (required) SNMP Read-Only Community String. Many tasks use SNMP to access the device. This field must match what is configured on the target router device. Limited to 80 characters.
Community String RW (required) SNMP Read-Write Community String. Many tasks use SNMP to access the device. This field must match what is configured on the target router device. Limited to 80 characters.
Step 4
Step 5
The Catalyst Device Properties window appears, as shown in Figure 4-89.
Figure 4-89 Catalyst Device Properties Window
The SNMP v3 section of the Catalyst Device Properties window contains the following fields:
SNMP Security Level (optional) Choices include: No Authentication/No Encryption, Authentication/No Encryption, and Authentication/Encryption. Default: No Authentication/No Encryption.
Authentication User Name (optional) User name configured on the specified device router. User must have permission to the object identification numbers (OIDs) specified in the security request (that is, write permission for a set request, and read permission for a get request). Should match what is configured on the target router device. Should be provisioned if the SNMP Security Level is Authentication/No Encryption or Authentication/Encryption. Limited to 80 characters.
Authentication Password (optional) Displayed as stars (*). Should be provisioned if the SNMP Security Level is Authentication/No Encryption or Authentication/Encryption. Should match what is configured on the target router device. Limited to 80 characters.
Verify Authentication Password (optional) Displayed as stars (*). Must match the Encryption Password field. Limited to 80 characters.
Authentication Algorithm (optional) Should be provisioned if the SNMP Security Level is Authentication/No Encryption or Authentication/Encryption. Choices include: None, MD5, and SHA. Default: None.
Encryption Password (optional) Displayed as stars (*). In previous versions of ISC, this field was called Privacy Password. Should match what is configured on the target router device. Should be provisioned if the SNMP Security Level is Authentication/Encryption. Limited to 80 characters.
Verify Encryption Password (optional) Displayed as stars (*). Must match the Encryption Password field. Limited to 80 characters.
Encryption Algorithm (optional) In previous versions of ISC, this field was called Privacy Protocol. Should be provisioned if the SNMP Security Level is Authentication/Encryption. Choices include: None and DES 56. Default: None.
The Terminal Server Options section of the Catalyst Device Properties window contains the following fields:
Terminal Server (optional) Choices include: None and the list of existing Terminal Server names. Default: None.
Port Number (optional) Disabled until a Terminal Server is selected. Range: 0-65535. Default: 0.
The Device Platform Information section of the Cisco IOS Device Properties window contains the following fields:
Platform (optional) Should match what is configured on the target router device. Limited to 80 characters.
Software Version (optional) Should match what is configured on the target router device. Limited to 80 characters.
Image Name (optional) Should match what is configured on the target router device. Limited to 80 characters.
Serial Number (optional) Should match what is configured on the target router device. Limited to 80 characters.
Device Owner's Email Address (optional) Used in the To: field when the Email button is selected from the device list. Limited to 80 characters and must be valid Email format.
Step 6
Step 7
Step 8
The Devices window reappears with the new Catalyst device listed.
Creating a Terminal Server
To create a Terminal Server device, do the following:
Step 1
Step 2
Step 3
The Create Terminal Server window appears, as shown in Figure 4-90.
Figure 4-90 Create Terminal Server Window
The General section of the Create Terminal Server window contains the following fields:
Device Host Name (required) Must begin with a letter, digit, or underscore followed by letters, digits, underscores, spaces, hyphens, or dots ending with a letter, digit, or underscore. This field must match the name configured on the target router device. Limited to 256 characters.
Device Domain Name (optional) Must begin with a letter, digit, or underscore followed by letters, digits, underscores, spaces, hyphens, or dots ending with a letter, digit, or underscore. The name must match the domain name on the target router device.
Description (optional) Limited to 80 characters. May contain any pertinent information about the device such as the type of device, its location, or other information that may be helpful to service provider operators.
Collection Zone (optional) Drop down list of all collection zones within the ISC. Choices include: None and all collection zones within the ISC. Default: None.
Management IP Address (optional) Valid IP address of the device that ISC uses to configure the target router device.
Interfaces (optional) Click the Edit button to view, add, edit, and delete all interfaces associated with the device. Refer to Table 4-9 for a description of the Interfaces fields.
Associated Groups (optional) Click the Edit button to view, add, and remove all Device Group associations.
The Login and Password Information section of the Create Terminal Server window contains the following fields:
Login User (optional) Not required by ISC. However, collection and upload/download will not function without the Login User and Login Password as ISC will not be able to access the device. Should match what is configured on the target router device. Limited to 80 characters.
Login Password (optional) Displayed as stars (*). Not required by ISC. However, collection and upload/download will not function without the Login User and Login Password as ISC will not be able to access the device. Should match what is configured on the target router device. Limited to 80 characters.
Verify Login Password (optional) Displayed as stars (*). Must match the Login Password field. Limited to 80 characters.
Enable User (optional) Not required by ISC. However, collection and upload/download only function if the Login User has sufficient privileges to configure the router in EXEC mode. Should match what is configured on the target router device. Limited to 80 characters.
Enable Password (optional) Displayed as stars (*). Not required by ISC. However, collection and upload/download only function if the Login User has sufficient privileges to configure the router in EXEC mode. Should match what is configured on the target router device. Limited to 80 characters.
Verify Enable Password (optional) Displayed as stars (*). Must match the Enable Password field. Limited to 80 characters.
The Device and Configuration Access Information section of the Create Terminal Server window contains the following fields:
Terminal Session Protocol (optional) Configures the method of communication between ISC and the device. Choices include: Telnet, Secure Shell (SSH), and CNS. In previous versions of ISC, this field was called the Transport field. Default: Telnet.
Config Access Protocol (optional) Administers the access protocol for config upload and download. Choices include: Terminal, TFTP, and FTP. Default: Terminal.
SNMP Version (optional) Configures the version of SNMP to use when communicating with the device. Choices include: SNMP v1/v2c and SNMP v3. Default: SNMP v1/v2c.
The SNMP v1/v2c section of the Create Terminal Server window contains the following fields:
Community String RO (required) SNMP Read-Only Community String. Many tasks use SNMP to access the device. This field must match what is configured on the target router device. Limited to 80 characters.
Community String RW (required) SNMP Read-Write Community String. Many tasks use SNMP to access the device. This field must match what is configured on the target router device. Limited to 80 characters.
Step 4
Step 5
The Terminal Server Device Properties window appears, as shown in Figure 4-91.
Figure 4-91 Terminal Server Device Properties Window
The SNMP v3 section of the Terminal Server Device Properties window contains the following fields:
SNMP Security Level (optional) Choices include: No Authentication/No Encryption, Authentication/No Encryption, and Authentication/Encryption. Default: No Authentication/No Encryption.
Authentication User Name (optional) User name configured on the specified device router. User must have permission to the object identification numbers (OIDs) specified in the security request (that is, write permission for a set request, and read permission for a get request). Should match what is configured on the target router device. Should be provisioned if the SNMP Security Level is Authentication/No Encryption or Authentication/Encryption. Limited to 80 characters.
Authentication Password (optional) Displayed as stars (*). Should be provisioned if the SNMP Security Level is Authentication/No Encryption or Authentication/Encryption. Should match what is configured on the target router device. Limited to 80 characters.
Verify Authentication Password (optional) Displayed as stars (*). Must match the Encryption Password field. Limited to 80 characters.
Authentication Algorithm (optional) Should be provisioned if the SNMP Security Level is Authentication/No Encryption or Authentication/Encryption. Choices include: None, MD5, and SHA. Default: None.
Encryption Password (optional) Displayed as stars (*). In previous versions of ISC, this field was called Privacy Password. Should match what is configured on the target router device. Should be provisioned if the SNMP Security Level is Authentication/Encryption. Limited to 80 characters.
Verify Encryption Password (optional) Displayed as stars (*). Must match the Encryption Password field. Limited to 80 characters.
Encryption Algorithm (optional) In previous versions of ISC, this field was called Privacy Protocol. Should be provisioned if the SNMP Security Level is Authentication/Encryption. Choices include: None and DES 56. Default: None.
The Device Platform Information section of the Terminal Server Device Properties window contains the following fields:
Platform (optional) Should match what is configured on the target router device. Limited to 80 characters.
Software Version (optional) Should match what is configured on the target router device. Limited to 80 characters.
Image Name (optional) Should match what is configured on the target router device. Limited to 80 characters.
Serial Number (optional) Should match what is configured on the target router device. Limited to 80 characters.
Device Owner's Email Address (optional) Used in the To: field when the Email button is selected from the device list. Limited to 80 characters and must be valid Email format.
Step 6
Step 7
Step 8
The Devices window reappears with the new Terminal Server device listed.
Creating a VPN 3000
To create a VPN 3000 device, do the following:
Step 1
Step 2
Step 3
The Create VPN 3000 Device window appears, as shown in Figure 4-92.
Figure 4-92 Create VPN 3000 Device Window
The General section of the Create VPN 3000 Device window contains the following fields:
Device Host Name (required) Must begin with a letter, digit, or underscore followed by letters, digits, underscores, spaces, hyphens, or dots ending with a letter, digit, or underscore. This field must match the name configured on the target router device. Limited to 255 characters.
Device Domain Name (optional) Must begin with a letter, digit, or underscore followed by letters, digits, underscores, spaces, hyphens, or dots ending with a letter, digit, or underscore. The name must match the domain name on the target router device.
Description (optional) Limited to 80 characters. May contain any pertinent information about the device such as the type of device, its location, or other information that may be helpful to service provider operators.
Collection Zone (optional) Drop down list of all collection zones within the ISC. Choices include: None and all collection zones within the ISC. Default: None.
Management IP Address (optional) Valid IP address of the device that ISC uses to configure the target router device.
Interfaces (optional) Click the Edit button to view, add, edit, and delete all interfaces associated with the device. Refer to Table 4-10 for a description of the Interfaces fields.
Associated Groups (optional) Click the Edit button to view, add, and remove all Device Group associations.
The Login and Password Information section of the Create VPN 3000 Device window contains the following fields:
Login User (optional) Not required by ISC. However, collection and upload/download will not function without the Login User and Login Password as ISC will not be able to access the device. Should match what is configured on the target router device. Limited to 80 characters.
Login Password (optional) Displayed as stars (*). Not required by ISC. However, collection and upload/download will not function without the Login User and Login Password as ISC will not be able to access the device. Should match what is configured on the target router device. Limited to 80 characters.
Verify Login Password (optional) Displayed as stars (*). Must match the Login Password field. Limited to 80 characters.
The Device Platform Information section of the Create VPN 3000 Device window contains the following fields:
Platform (optional) Should match what is configured on the target router device. Limited to 80 characters.
Software Version (optional) Should match what is configured on the target router device. Limited to 80 characters.
Image Name (optional) Should match what is configured on the target router device. Limited to 80 characters.
Serial Number (optional) Should match what is configured on the target router device. Limited to 80 characters.
Device Owner's Email Address (optional) Used in the To: field when the Email button is selected from the device list. Limited to 80 characters and must be valid Email format.
Step 4
Step 5
The Devices window reappears with the new VPN 3000 device listed.
Creating a PIX Firewall
To create a PIX Firewall device, do the following:
Step 1
Step 2
Step 3
The Create PIX Firewall window appears, as shown in Figure 4-93.
Figure 4-93 Create PIX Firewall Window
The General section of the Create PIX Firewall window contains the following fields:
Device Host Name (required) Must begin with a letter, digit, or underscore followed by letters, digits, underscores, spaces, hyphens, or dots ending with a letter, digit, or underscore. This field must match the name configured on the target router device. Limited to 256 characters.
Device Domain Name (optional) Must begin with a letter, digit, or underscore followed by letters, digits, underscores, spaces, hyphens, or dots ending with a letter, digit, or underscore. The name must match the domain name on the target router device.
Description (optional) Limited to 80 characters. May contain any pertinent information about the device such as the type of device, its location, or other information that may be helpful to service provider operators.
Collection Zone (optional) Drop down list of all collection zones within the ISC. Choices include: None and all collection zones within the ISC. Default: None.
Management IP Address (optional) Valid IP address of the device that ISC uses to configure the target router device.
Interfaces (optional) Click the Edit button to view, add, edit, and delete all interfaces associated with the device. Refer to Table 4-11 for a description of the Interfaces fields.
Associated Groups (optional) Click the Edit button to view, add, and remove all Device Group associations.
The Login and Password Information section of the Create PIX Firewall window contains the following fields:
Login User (optional) Not required by ISC. However, collection and upload/download will not function without the Login User and Login Password as ISC will not be able to access the device. Should match what is configured on the target router device. Limited to 80 characters.
Login Password (optional) Displayed as stars (*). Not required by ISC. However, collection and upload/download will not function without the Login User and Login Password as ISC will not be able to access the device. Should match what is configured on the target router device. Limited to 80 characters.
Verify Login Password (optional) Displayed as stars (*). Must match the Login Password field. Limited to 80 characters.
Enable User (optional) Not required by ISC. However, collection and upload/download only function if the Login User has sufficient privileges to configure the router in EXEC mode. Should match what is configured on the target router device. Limited to 80 characters.
Enable Password (optional) Displayed as stars (*). Not required by ISC. However, collection and upload/download only function if the Login User has sufficient privileges to configure the router in EXEC mode. Should match what is configured on the target router device. Limited to 80 characters.
Verify Enable Password (optional) Displayed as stars (*). Must match the Enable Password field. Limited to 80 characters.
The Device and Configuration Access Information section of the Create PIX Firewall window contains the following fields:
Terminal Session Protocol (optional) Configures the method of communication between ISC and the device. Choices include: Telnet, Secure Shell (SSH), and CNS. In previous versions of ISC, this field was called the Transport field. Default: Telnet.
Config Access Protocol (optional) Administers the access protocol for config upload and download. Choices include: Terminal, TFTP, and FTP. Default: Terminal.
SNMP Version (optional) Configures the version of SNMP to use when communicating with the device. Choices include: SNMP v1/v2c and SNMP v3. Default: SNMP v1/v2c.
The SNMP v1/v2c section of the Create PIX Firewall window contains the following fields:
Community String RO (required) SNMP Read-Only Community String. Many tasks use SNMP to access the device. This field must match what is configured on the target router device. Limited to 80 characters.
Community String RW (required) SNMP Read-Write Community String. Many tasks use SNMP to access the device. This field must match what is configured on the target router device. Limited to 80 characters.
Step 4
Step 5
The PIX Device Properties window appears, as shown in Figure 4-94.
Figure 4-94 PIX Device Properties Window
The SNMP v3 section of the PIX Device Properties window contains the following fields:
SNMP Security Level (optional) Choices include: No Authentication/No Encryption, Authentication/No Encryption, and Authentication/Encryption. Default: No Authentication/No Encryption.
Authentication User Name (optional) User name configured on the specified device router. User must have permission to the object identification numbers (OIDs) specified in the security request (that is, write permission for a set request, and read permission for a get request). Should match what is configured on the target router device. Should be provisioned if the SNMP Security Level is Authentication/No Encryption or Authentication/Encryption. Limited to 80 characters.
Authentication Password (optional) Displayed as stars (*). Should be provisioned if the SNMP Security Level is Authentication/No Encryption or Authentication/Encryption. Should match what is configured on the target router device. Limited to 80 characters.
Verify Authentication Password (optional) Displayed as stars (*). Must match the Encryption Password field. Limited to 80 characters.
Authentication Algorithm (optional) Should be provisioned if the SNMP Security Level is Authentication/No Encryption or Authentication/Encryption. Choices include: None, MD5, and SHA. Default: None.
Encryption Password (optional) Displayed as stars (*). In previous versions of ISC, this field was called Privacy Password. Should match what is configured on the target router device. Should be provisioned if the SNMP Security Level is Authentication/Encryption. Limited to 80 characters.
Verify Encryption Password (optional) Displayed as stars (*). Must match the Encryption Password field. Limited to 80 characters.
Encryption Algorithm (optional) In previous versions of ISC, this field was called Privacy Protocol. Should be provisioned if the SNMP Security Level is Authentication/Encryption. Choices include: None and DES 56. Default: None.
The Terminal Server Options section of the PIX Device Properties window contains the following fields:
Terminal Server (optional) Choices include: None and the list of existing Terminal Server names. Default: None.
Port (optional) Disabled until a Terminal Server is selected. Range: 0-65535. Default: 0.
The Failover Options section of the PIX Device Properties window contains the following fields:
Failover Type Determines whether failover is enabled for this PIX device. Choices: None, Normal, and Stateful. Default: None.
LAN Based Failover (optional) Enabled only if the Failover Type is Normal or Stateful.
Failover LAN Key (optional) The key used in LAN based Failover. Limited to 20 characters.
The Device Platform Information section of the PIX Device Properties window contains the following fields:
Platform (optional) Should match what is configured on the target router device. Limited to 80 characters.
Software Version (optional) Should match what is configured on the target router device. Limited to 80 characters.
Image Name (optional) Should match what is configured on the target router device. Limited to 80 characters.
Serial Number (optional) Should match what is configured on the target router device. Limited to 80 characters.
Device Owner's Email Address (optional) Used in the To: field when the Email button is selected from the device list. Limited to 80 characters and must be valid Email format.
Step 6
Step 7
Step 8
The Devices window reappears with the new PIX Firewall device listed.
Creating a Cisco CNS IE2100
Note
To create a Cisco CNS IE2100 appliance, do the following:
Step 1
Step 2
Step 3
The Create IE2100 Device window appears, as shown in Figure 4-95.
Figure 4-95 Create IE2100 Device Window
The General section of the Create IE2100 Device window contains the following fields:
Device Host Name (required) Must begin with a letter, digit, or underscore followed by letters, digits, underscores, spaces, hyphens, or dots ending with a letter, digit, or underscore. This field must match the name configured on the target router device. Limited to 256 characters.
Device Domain Name (optional) Must begin with a letter, digit, or underscore followed by letters, digits, underscores, spaces, hyphens, or dots ending with a letter, digit, or underscore. The name must match the domain name on the target router device.
Description (optional) Limited to 80 characters. May contain any pertinent information about the device such as the type of device, its location, or other information that may be helpful to service provider operators.
IP Address (optional) Valid IP address of the Cisco CNS IE2100 device that ISC uses to configure the target router device.
Step 4
Step 5
The Devices window reappears with the new Cisco CNS IE2100 device listed.
Editing a Device
From the Edit window, you can modify the fields that have been specified for a particular device.
To access the Edit window, do the following:
Step 1
Figure 4-96 Devices List Window
Step 2
Step 3
The Edit window appropriate to the type of device selected appears. For example, if you selected a Cisco IOS device the Edit Cisco IOS Device window appears, as shown in Figure 4-97.
Figure 4-97 Editing a Device Window
Step 4
Step 5
The changes are saved and the Devices window reappears.
Deleting Devices
From the Delete window, you can remove selected devices from the database.
To access the Delete window, do the following:
Step 1
Figure 4-98 Devices List Window
Step 2
Step 3
The Confirm Delete window appears, as shown in Figure 4-99.
Figure 4-99 Confirm Delete Window
Step 4
The Devices window reappears with the specified device(s) deleted.
Editing a Device Configuration
From the Config window, you can edit the configuration for a specified device.
To access the Config window, do the following:
Step 1
Figure 4-100 Devices List Window
Step 2
Step 3
The Device Configurations window for the selected device appears, as shown in Figure 4-101.
Figure 4-101 Device Configurations Window
Step 4
The Device Configuration window for the selected device appears, as shown in Figure 4-102.
Figure 4-102 Device Configuration Window
Step 5
Step 6
The changes are saved and the Device Configurations window reappears.
Step 7
E-mailing a Device's Owner
From the E-mail window, you can send a device report via e-mail to the owners of specified devices.
To access the E-mail window, do the following:
Step 1
Figure 4-103 Devices List Window
Step 2
Step 3
The Send Mail to Device Owners window appears, as shown in Figure 4-104.
Figure 4-104 Send Mail to Device Owners Window
Step 4
Step 5
The e-mail is sent and the Devices window reappears.
Device Groups
Every network element that ISC manages must be defined as a device in the system. Once you have defined your network elements as devices, you can organize the devices into groups for collection and management purposes.
This section describes how to create, edit, and delete device groups and e-mail device group owners. This section includes the following:
•
Accessing the Device Groups Window
The Device Groups feature is used to create, edit, and delete device groups and e-mail device group owners.
To access the Device Groups window, do the following:
Step 1
Figure 4-105 Device Groups Window
The Device Groups window contains the following:
Device Group Name Lists the name of the device group. You can sort the list by device group name.
Description Lists the description of the device group.
From the Device Groups window, you can create, edit, or delete device groups or e-mail device group owners using the following buttons:
Create Click to create new device groups. Enabled only if no device group is selected.
Edit Click to edit a selected device group (select device group by clicking the corresponding box). Enabled only if a single device group is selected.
Delete Click to delete selected device group(s) (select device group by clicking the corresponding box). Enabled only if one or more device groups are selected.
E-mail Click to send e-mail to the owner of a selected device group (select device group by clicking the corresponding box). Enabled only if one or more device groups are selected.
Creating a Device Group
From the Create Device Group window, you can create different device groups.
To create a device group, do the following:
Step 1
Step 2
The Create Device Group window appears, as shown in Figure 4-106.
Figure 4-106 Create Device Group Window
The Create Device Group window contains the following fields:
Name (required) Must begin with a letter, digit, or underscore followed by letters, digits, underscores, spaces, hyphens, or dots ending with a letter, digit, or underscore. Limited to 80 characters.
Description (optional) Any pertinent information about the device group that could be helpful to service provider operators. Limited to 512 characters.
Step 3
Step 4
The Select Group Members window appears, as shown in Figure 4-107.
Figure 4-107 Select Group Members Window
Step 5
Step 6
The Create Device Group window appears listing the selected devices, as shown in Figure 4-108.
Figure 4-108 Create Device Group Window
Step 7
The Device Groups window reappears with the new device group listed.
Editing a Device Group
From the Edit Device Group window, you can modify the fields that have been specified for a particular device group.
To access the Edit Device Group window, do the following:
Step 1
Step 2
Step 3
The Edit Device Group window appears, as shown in Figure 4-109.
Figure 4-109 Edit Device Group Window
Step 4
Step 5
The changes are saved and the Device Groups window reappears.
Deleting Device Groups
From the Delete window, you can remove selected device groups from the database.
To access the Delete window, do the following:
Step 1
Step 2
Step 3
The Confirm Delete window appears, as shown in Figure 4-110.
Figure 4-110 Confirm Delete Window
Step 4
The Device Groups window reappears with the specified device group(s) deleted.
E-mailing a Device Group
From the E-mail window, you can send a device report via e-mail to the owners of specified device groups.
To access the E-mail window, do the following:
Step 1
Step 2
Step 3
The Send Mail to Device owners of selected groups window appears, as shown in Figure 4-111.
Figure 4-111 Send Mail to Device Owners of Selected Groups Window
Step 4
Step 5
The e-mail is sent and the Device Groups window reappears.
Customers
A customer site is a set of IP systems with mutual IP connectivity between them without the use of a VPN. Each customer site belongs to exactly one customer. A customer site can contain one or more (for load balancing) edge device routers. This section describes how to create, edit, and delete customers. This section includes the following:
•
Accessing the Customers Window
The Customers feature is used to create, edit, and delete customers.
To access the Customers window, do the following:
Step 1
Figure 4-112 Customers Window
The Customers window contains the following:
Customer Name Lists the names of customers. You can sort the list by customer name.
From the Customers window, you can create, edit, or delete customers using the following buttons:
Create Click to create new customers. Enabled only if no customer is selected.
Edit Click to edit selected customer (select by clicking the corresponding box). Enabled only if a single customer is selected.
Delete Click to delete selected customer (select customer by clicking the corresponding box). Enabled only if one or more customers are selected.
Creating a Customer
From the Create Customer window, you can create different customers.
To create a customer, do the following:
Step 1
Step 2
The Create Customer window appears, as shown in Figure 4-113.
Figure 4-113 Create Customer Window
The Create Customer window contains the following fields:
Name (required) Must begin with a letter. Can contain letters, numbers, and these punctuation characters: period, underscore, and dash. Limited to 63 characters.
Customer Information (optional) Any pertinent information about the customer that could be helpful to service provider operators. Limited to 512 characters.
Site of Origin Enabled (optional) Check this box to enable the site of origin.
Step 3
Step 4
The Customers window reappears with the new customer listed.
Editing a Customer
From the Edit Customer window, you can modify the fields that have been specified for a particular customer.
To access the Edit Customer window, do the following:
Step 1
Step 2
Step 3
The Edit Customer window appears, as shown in Figure 4-114.
Figure 4-114 Edit Customer Window
Step 4
Step 5
The changes are saved and the Customers window reappears.
Deleting Customers
From the Delete window, you can remove selected customers from the database.
To access the Delete window, do the following:
Step 1
Step 2
Step 3
The Confirm Delete window appears, as shown in Figure 4-115.
Figure 4-115 Confirm Delete Window
Step 4
The Customers window reappears with the specified customer(s) deleted.
Creating Customer Sites
To access the Customer Sites window, do the following:
Step 1
Step 2
The Customer Sites window appears.
Figure 4-116 Customer Sites Window
The Customer Sites window contains the following:
Site Name Lists the names of sites. The first character must be a letter. Can contain letters, numbers, and these punctuation characters: period, underscore, and dash. Limit: 80 characters. You can sort the list by site name.
Customer Name Lists the names of customer. The first character must be a letter. Can contain letters, numbers, and these punctuation characters: period, underscore, and dash. Limit: 80 characters. You can sort the list by customer name.
From the Customer Sites window, you can create, edit, or delete customer sites using the following buttons:
Create Click to create new customer sites. Enabled only if no customer site is selected.
Edit Click to edit selected customer sites (select by clicking the corresponding box). Enabled only if a single customer site is selected.
Delete Click to delete selected customer site(s) (select by clicking the corresponding box). Enabled only if one or more customer sites are selected.
Creating CPE Devices
The CPE feature provides a list of CPEs that have been associated with a site through the CPE editor or Inventory Manager. To access the CPE Devices window, do the following:
Step 1
Step 2
The CPE Devices window appears.
Figure 4-117 CPE Devices Window
The CPE Devices window contains the following:
Device Name Lists the names of devices. The first character must be a letter. Can contain letters, numbers, and these punctuation characters: period, underscore, and dash. Limit: 80 characters. You can sort the list by device name.
Customer Name Lists the names of customer. The first character must be a letter. Can contain letters, numbers, and these punctuation characters: period, underscore, and dash. Limit: 80 characters. You can sort the list by customer name.
Site Name Lists the names of sites. The first character must be a letter. Can contain letters, numbers, and these punctuation characters: period, underscore, and dash. Limit: 80 characters. You can sort the list by site name.
Management Type Choices include: Managed, Unmanaged, Managed - Management LAN, Unmanaged - Management LAN, Directly Connected, Directly Connected Management Host, and Multi-VRF.
From the CPE Devices window, you can create, edit, or delete CPE devices using the following buttons:
Create Click to create new CPE devices. Enabled only if no customer site is selected.
Edit Click to edit selected CPE device (select by clicking the corresponding box). Enabled only if a single CPE device is selected.
Delete Click to delete selected CPE device(s) (select by clicking the corresponding box). Enabled only if one or more CPE devices are selected.
Providers
This section describes how to create and manage providers. This section includes the following:
•
Accessing the Providers Window
The Providers feature is used to create and manage providers.
To access the Providers window, do the following:
Step 1
Figure 4-118 Providers Window
The Providers window contains the following:
Provider Name Lists the names of providers. You can sort the list by provider name.
BGP AS The Unique number assigned to each BGP autonomous system.
From the Providers window, you can create, edit, or delete providers using the following buttons:
Create Click to create new providers. Enabled only if no customer is selected.
Edit Click to edit selected provider (select by clicking the corresponding box). Enabled only if a single provider is selected.
Delete Click to delete a selected provider (select by clicking the corresponding box). Enabled only if one or more providers are selected.
Creating a Provider
From the Create Provider window, you can create different providers.
To create a provider, do the following:
Step 1
Step 2
The Create Provider window appears, as shown in Figure 4-119.
Figure 4-119 Create Provider Window
The Create Provider window contains the following fields:
Name (required) Must begin with a letter. Can contain letters, numbers, and these punctuation characters: period, underscore, and dash. Limited to 80 characters.
BGP AS (required) Each BGP autonomous system is assigned a unique 16-bit number by the same central authority that assigns IP network numbers. Range: 1 to 65535.
Contact Information (optional) Any pertinent information about the provider that could be helpful to service provider operators. Limited to 512 characters.
Step 3
Step 4
The Providers window reappears with the new provider listed.
Editing a Provider
From the Edit Provider window, you can modify the fields that have been specified for a particular provider.
To access the Edit Provider window, do the following:
Step 1
Step 2
Step 3
The Edit Provider window appears, as shown in Figure 4-120.
Figure 4-120 Edit Provider Window
Step 4
Step 5
The changes are saved and the Providers window reappears.
Deleting Providers
From the Delete window, you can remove selected providers from the database.
To access the Delete window, do the following:
Step 1
Step 2
Step 3
The Confirm Delete window appears, as shown in Figure 4-121.
Figure 4-121 Confirm Delete Window
Step 4
The Providers window reappears with the specified provider(s) deleted.
Creating Provider Regions
A Provider Region is considered to be a group of provider edge routers (PEs) within a single BGP autonomous system. The primary objective for defining Provider Regions is to allow a provider to employ unique IP address pools in large Regions, such as Europe, Asia Pacific, and so forth.
To access the Provider Regions window, do the following:
Step 1
Step 2
The Provider Regions window appears.
Figure 4-122 Provider Regions Window
The Provider Regions window contains the following:
Region Name Lists the names of regions. Must begin with a letter. Can contain letters, numbers, and these punctuation characters: period, underscore, and dash. Limited to 80 characters. You can sort the list by region name.
Provider Name Lists the names of providers. Must begin with a letter. Can contain letters, numbers, and these punctuation characters: period, underscore, and dash. Limited to 80 characters. You can sort the list by provider name.
From the Provider Regions window, you can create, edit, or delete provider regions using the following buttons:
Create Click to create new provider regions. Enabled only if no customer is selected.
Edit Click to edit selected provider regions (select by clicking the corresponding box). Enabled only if a single provider region is selected.
Delete Click to delete selected provider regions (select by clicking the corresponding box). Enabled only if one or more provider regions are selected.
Creating PE Devices
The PE Devices feature provides a list of provider edge routers (PEs) that have been associated with the region, either through the PE editor or Inventory Manager.
To access the PE Devices window, do the following:
Step 1
Step 2
The PE Devices window appears.
Figure 4-123 PE Devices Window
The PE Devices window contains the following:
Device Name Lists the names of devices. The first character must be a letter. Can contain letters, numbers, and these punctuation characters: period, underscore, and dash. Limit: 80 characters. You can sort the list by device name.
Provider Name Lists the names of providers. Must begin with a letter. Can contain letters, numbers, and these punctuation characters: period, underscore, and dash. Limited to 80 characters. You can sort the list by provider name.
Region Name Lists the names of regions. Must begin with a letter. Can contain letters, numbers, and these punctuation characters: period, underscore, and dash. Limited to 80 characters. You can sort the list by region name.
Role Type Choices include: PE_POP, PE_CLE, PE_CORE, PE_MVRF.
From the PE Devices window, you can create, edit, or delete providers using the following buttons:
Create Click to create new PE device. Enabled only if no PE device is selected.
Edit Click to edit selected PE device (select by clicking the corresponding box). Enabled only if a single PE device is selected.
Delete Click to delete selected PE device(s) (select by clicking the corresponding box). Enabled only if one or more PE devices are selected.
Creating Access Domains
To access the Access Domains window, do the following:
Step 1
Step 2
The Access Domains window appears.
Figure 4-124 Access Domains Window
The Access Domains window contains the following:
Access Domain Name Lists the names of access domain. The first character must be a letter. Can contain letters, numbers, and these punctuation characters: period, underscore, and dash. Limit: 80 characters. You can sort the list by access domain name.
Provider Name Lists the names of providers. Must begin with a letter. Can contain letters, numbers, and these punctuation characters: period, underscore, and dash. Limited to 80 characters. You can sort the list by provider name.
From the Access Domains window, you can create, edit, or delete access domains using the following buttons:
Create Click to create new access domain. Enabled only if no access domain is selected.
Edit Click to edit selected access domain (select by clicking the corresponding box). Enabled only if a single access domain is selected.
Delete Click to delete selected access domain(s) (select by clicking the corresponding box). Enabled only if one or more access domains are selected.
Resource Pools
Cisco IP Solution Center enables multiple pools to be defined and used during operations. The following resource pools are available:
•
•
•
•
•
•
•
All these resources, that are made available to the service provider, enable the automation of service deployment.
This section describes how you can create and manage pools for various types of resources. This section includes the following:
•
•
•
Accessing the Resource Pools Window
The Resource Pools feature is used to create and manage various types of resource pools.
To access the Resource Pools window, do the following:
Step 1
Figure 4-125 Resource Pools Window
From the Resource Pools window, you have access to the following buttons:
Pool Type Choices include: IP Address, Multicast Address, Route Distinguisher, Route Target, Site of Origin, VC ID, and VLAN. The fields displayed in the Resource Pools window vary depending on the pool type selected.
Create Click to create new resource pools. Enabled only if no resource pool is selected.
Delete Click to delete selected resource pools (select by clicking the corresponding box). Enabled only if one or more resource pools are selected.
Creating an IP Address Pool
The ISC software uses IP address pools to automatically assign IP addresses to PEs and CEs. Each Region has an IP address pool to use for IP numbered addresses (point-to-point address pool) and a separate IP address pool for IP unnumbered address (loopback address pool).
Within a VPN or extranet, all IP addresses must be unique. Customer IP addresses must not overlap with the provider's IP addresses. Overlapping IP addresses are only possible when two devices cannot see each other—that is, when they are in isolated VPNs.
From the Create IP Address Pool window, you can create IP address pools.
To create an IP address pool, do the following:
Step 1
Step 2
Step 3
The Create IP Address Pool window appears, as shown in Figure 4-126.
Figure 4-126 Create IP Address Pool Window
The Create IP Address Pool window contains the following fields:
IP Address Pool (required) Text field in the format a.b.c.d/mask, for example 172.0.0.0/8.
Pool Mask (bits) (required) Choices include: 30 and 32.
Pool Association (required) Choices include: Region and VPN.
Note
Step 4
Step 5
The Resource Pools window reappears with the new IP address pool listed.
Creating a Multicast Pool
From the Create Multicast Pool window, you can create multicast pools. These pools are global and are not associated with any provider or customer.
To create a multicast pool, do the following:
Step 1
Step 2
Step 3
The Create Multicast Pool window appears, as shown in Figure 4-127.
Figure 4-127 Create Multicast Pool Window
The Create Multicast Pool window contains the following fields:
Multicast Address (required) Text field in the format a.b.c.d/mask, for example 239.0.0.0/8. Range: 224.0.0.0/8 to 239.255.255.255/32.
Use for default MDT (optional) This is a checkbox. From the drop-down list, select the data MDT size. MDT refers to a multicast distribution tree (MDT). The MDT defined here carries multicast traffic from customer sites associated with the multicast domain. Default: checked.
Use for Data MDT (optional) This is a checkbox. The data MDT contains a range of multicast group addresses and a bandwidth threshold. Thus, whenever a CE behind a multicast-VRF exceeds that bandwidth threshold while sending multicast traffic, the PE sets up a new data MDT for the multicast traffic from that source. The PE informs the other PEs about this data MDT and, if they have receivers for the corresponding group, the other PEs join this data MDT. Default: checked.
Step 4
Step 5
The Resource Pools window reappears with the new multicast pool listed.
Creating a Route Distinguisher and Route Target Pool
MPLS-based VPNs employ Border Gateway Protocol (BGP) to communicate between PEs to facilitate customer routes. This is made possible through extensions to BGP that carry addresses other than IPv4 addresses. A notable extension is called the route distinguisher (RD).
The purpose of the route distinguisher (RD) is to make the prefix value unique across the network backbone. Prefixes should use the same RD if they are associated with the same set of route targets (RTs) and anything else that is used to select routing policy. The community of interest association is based on the route target (RT) extended community attributes distributed with the Network Layer Reachability Information (NLRI). The RD value must be a globally unique value to avoid conflict with other prefixes.
The MPLS label is part of a BGP routing update. The routing update also carries the addressing and reachability information. When the RD is unique across the MPLS VPN network, proper connectivity is established even if different customers use non-unique IP addresses.
For the RD, every CE that has the same overall role should use a VRF with the same name, same RD, and same RT values. The RDs and RTs are only for route exchange between the PEs running BGP. That is, for the PEs to do MPLS VPN work, they have to exchange routing information with more fields than usual for IPv4 routes; that extra information includes (but is not limited to) the RDs and RTs.
From the Create Route Distinguisher Pool window, you can create route distinguisher pools.
To create a route distinguisher pool, do the following:
Step 1
Step 2
Step 3
The Create Route Distinguisher Pool window appears, as shown in Figure 4-128.
Figure 4-128 Create Route Distinguisher Pool Window
The Create Route Distinguisher Pool window contains the following fields:
RD Pool Start (required) Range: 0 to 2147483646.
RD Pool Size (required) Range: 1 to 2147483647.
Provider (required)
Step 4
Step 5
The Provider for new Resource Pool window appears, as shown in Figure 4-129.
Figure 4-129 Provider for New Resource Pool Window
Step 6
Step 7
The Resource Pools window reappears with the new route distinguisher pool listed.
To create a Route Target Pool, do the following:
Step 1
Step 2
Step 3
The Create Route Target Pool window appears, as shown in Figure 4-130.
Figure 4-130 Create Route Target Pool Window
The Create Route Target Pool window contains the following fields:
RT Pool Start (required) Range: 0 to 2147483646.
RT Pool Size (required) Range: 1 to 2147483647.
Provider (required)
Step 4
Step 5
The Provider for new Resource Pool window appears, as shown in Figure 4-131.
Figure 4-131 Provider for New Resource Pool Window
Step 6
Step 7
The Resource Pools window reappears with the new route target pool listed.
Creating a Site of Origin Pool
In ISC, CE sites use private/public AS numbers and when one AS number is used for each VPN, all sites belonging to the same VPN share the same private/public AS number. The default BGP behavior is to drop any prefix if its own AS number is already in the AS path. As a result, a customer site does not learn prefixes of a remote site in this situation. AS-OVERRIDE must be configured (if there are hub sites involved, ALLOWAS-IN must be configured) to allow those prefixes to be sent by PE routers but a routing loop can occur.
For example, CE1 and CE2 belong to the same customer VPN and have the same AS number 65001. The AS path between two customer sites is 65001 - 1234 - 65001 and prefixes cannot be exchanged between customer sites because AS 65001 is already in the path. To solve this problem, AS-OVERRIDE options are configured on PE routers; but it introduces a routing loop into the network without using extended community site of origin attributes.
Site of origin is a concept in ISC architecture that prevents routing loops in sites that are multi-homed to the ISC backbone and in sites using AS-OVERRIDE in conjunction. Site of origin is a type of BGP extended community attribute used to identify a prefix that originated from a site so that the re-advertisement of that prefix back to the site can be prevented. This attribute uniquely identifies the site from which the PE router learned the route. Site of origin is tagged at PE in peering with BGP neighbors using an inbound route-map and works in conjunction with BGP CE-PE routing protocol.
Site of origin must be unique per customer site per VPN/customer (when these sites are multi-homed). Therefore, the same value of site of origin must be used on PE routers connected to the same CE router or to the same customer site.
Note
From the Create Site of Origin Pool window, you can create site of origin pools.
To create a site of origin pool, do the following:
Step 1
Step 2
Step 3
The Create Site of Origin Pool window appears, as shown in Figure 4-132.
Figure 4-132 Create Site of Origin Pool Window
The Create Site of Origin Pool window contains the following fields:
SOO Pool Start (required) Range: 0 to 2147483646.
SOO Pool Size (required) Range: 1 to 2147483647.
Provider (required)
Step 4
Step 5
The Provider for new Resource Pool window appears, as shown in Figure 4-133.
Figure 4-133 Provider for New Resource Pool Window
Step 6
Step 7
The Site of Origin pools window reappears with the new route target pool listed.
Creating a VC ID Pool
From the Create VC ID Pool window, you can create VC ID pools. These pools are global and are not associated with any provider or customer
To create a VC ID pool, do the following:
Step 1
Step 2
Step 3
The Create VC ID Pool window appears, as shown in Figure 4-134.
Figure 4-134 Create VC ID Pool Window
The Create VC ID Pool window contains the following fields:
VC Pool Start (required) Range: 0 to 2147483646.
VC Pool Size (required) Range: 1 to 2147483647.
Step 4
Step 5
The VC ID Pools window reappears with the new VC ID pool listed.
Creating a VLAN Pool
From the Create VLAN Pool window, you can create VLAN pools.
To create a VLAN pool, do the following:
Step 1
Step 2
Step 3
The Create VLAN Pool window appears, as shown in Figure 4-135.
Figure 4-13
